> Never ship a Shared OpenSSL library. Anyone can rebuild it to output
> the socket buffer to disk prior to encryption and replace yours.
>
> :-)
A party to an encrypted conversation can put its contents in a full-page ad
in the New York Times if they want to. There's no need to keep a
conversati
csross wrote:
> I don't know what is the purpose of building openssl shared. I am building
> apache with ssl statically built in. What does building a shared openssl
> give me?
The ability to upgrade openssl without having to recompile anything else.
Regards,
Graham
Julian wrote:
> Never ship a Shared OpenSSL library. Anyone can rebuild it to output the
> socket buffer to disk prior to encryption and replace yours.
If someone can do that, you've been owned already, compiling it static
won't make any practical difference.
Regards,
Graham
On Thu, Oct 23, 2008 at 02:12:45PM -0700, Julian wrote:
> Never ship a Shared OpenSSL library. Anyone can rebuild it to output
> the socket buffer to disk prior to encryption and replace yours.
This risk model is not often realistic. If the administrator of the
machine is your adversary, you're
Never ship a Shared OpenSSL library. Anyone can rebuild it to output
the socket buffer to disk prior to encryption and replace yours.
:-)
On Oct 23, 2008, at 9:32 AM, csross wrote:
> I don't know what is the purpose of building openssl shared. I am building
> apache with ssl statically built