[cryptography] Just how bad is OpenSSL ?

Jeffrey Walton noloader at gmail.com
Tue Oct 30 14:01:13 EDT 2012

On Tue, Oct 30, 2012 at 12:10 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> On Oct 30, 2012, at 9:11 AM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
>> Then it's just a matter of the shortest route to finish: route a) secure the swap, route b) monitor software components for maximum memory usage vs physical mem plus make a memory exhaustion fault analysis.
> Errr, isn't the shortest route c) don't use swap in that system? You are not *forced* to use swap in Linux: I have plenty of Linux instances where it is not turned on.
> Noting that it is humorous that people are attributing this to bad OpenSSL, not bad understanding of the places where OpenSSL runs....
I'm not sure anyone is blaming negative platform interactions on
OpenSSL (I did not get that impression). It is what it is.

A comment in the source code on occasion warning about the negative
interaction would be nice though. +1 if its properly formatted, too.


More information about the cryptography mailing list