[cryptography] Just how bad is OpenSSL ?

Jeffrey Walton noloader at gmail.com
Tue Oct 30 14:01:13 EDT 2012


On Tue, Oct 30, 2012 at 12:10 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> On Oct 30, 2012, at 9:11 AM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
>
>> Then it's just a matter of the shortest route to finish: route a) secure the swap, route b) monitor software components for maximum memory usage vs physical mem plus make a memory exhaustion fault analysis.
>
> Errr, isn't the shortest route c) don't use swap in that system? You are not *forced* to use swap in Linux: I have plenty of Linux instances where it is not turned on.
>
> Noting that it is humorous that people are attributing this to bad OpenSSL, not bad understanding of the places where OpenSSL runs....
>
I'm not sure anyone is blaming negative platform interactions on
OpenSSL (I did not get that impression). It is what it is.

A comment in the source code on occasion warning about the negative
interaction would be nice though. +1 if its properly formatted, too.

Jeff



More information about the cryptography mailing list