[openssl-users] Openssl software failure for RSA 16K modulus
Salz, Rich
rsalz at akamai.com
Thu Jul 21 14:31:03 UTC 2016
> Instead of raising the limit of client key exchange message length more than 2048, why can't we add the
> "ssl3_check_client_hello" functionality in the ssl/s3_srvr.c because that will "permit appropriate message length".
The DoS issue is still there. How can you prevent the "other side" from consuming all your CPU with a large key?
Who needs 16K RSA keys, such that openssl by default should support that for everyone?