> I wasn't involved at the time, but reading about it now CVE-2011-1473 > essentially says (as I understand it) that if you fire lots of SSL > handshakes at a server it could cause a DoS because it is much cheaper on > the client side than it is on the server side. That's pretty disingenuous. You can open lots of connections to a server and eventually the server will exhaust resources. Sigh....
I've got an improvement on the attack: use a botnet to have compromised hosts open one or two connections each to evade firewalls.... _______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
