[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]
René Pfeiffer
lynx at luchs.at
Fri May 16 15:12:34 CEST 2014
On May 16, 2014 at 1510 +0200, Aaron Zauner appeared and said:
>
>
> MacLemon wrote:
> > On 15.05.2014, at 21:54, Aaron Zauner <azet at azet.org> wrote:
> >> some daemons have problems with cipherstrings that long (e.g.
> >> OpenVPN
> >
> > IIRC OpenVPN is the ONLY daemon we currently know of that limits the config line length to 255 chars and hence may run into a problem. Did anyone of us already file a bug upstream with OpenVPN to fix that?
> >
> We know of. Right. As someone who has seen quite some messy C code that
> people ship in software - I am certain that we will run into more
> problems. Just waiting for the first buffer-overrun reports because of
> our cipherstring :D…
Cipherstring fuzzing. Uh. Oh.
:D,
René.
--
)\._.,--....,'``. fL Let GNU/Linux work for you while you take a nap.
/, _.. \ _\ (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.' - System administration + Consulting + Teaching -
Got mail delivery problems? http://web.luchs.at/information/blockedmail.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140516/1a716d85/attachment.sig>
More information about the Ach
mailing list