oss-sec mailing list archives
Re: CVE Request: AWS s2n
From: Markus Vervier <markus.vervier () lsexperts de>
Date: Wed, 22 Jul 2015 14:16:27 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 15.07.2015 03:57, MacCarthaigh, Colm wrote:
like our first cut. That restriction also means that we’re not seeing any production usage from
downstream adopters, or downstream packaging. I’m not aware of anyone using s2n as a client. Hi Colm, thx for the long explanation, I see your point. I just have to add that I would recommend to not compile client mode code regarded as insecure/unstable into the library by default. Even if somewhat guarded by an environment variable. Markus - -- Markus Vervier (IT Security Consultant and Software Developer), http://www.lsexperts.de LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt Tel.: +49 (0) 6151 86086-261, Fax: -299, Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649 Geschäftsführer: Oliver Michel, Sven Walther -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVr4mLAAoJEK9u9A5+VXgeqEUIALhFsuAm/Owzv7JhIPzuJYjn nWibQowQq2/x5CcQ+woqoTxqQOLLcV9Ajr07MEYf3st0SMb+NM6E6NI/1nJiAxIZ bNBOkPoMbf+GqvFWDpuLAYcKgpD9+12X26oESX8ccIjMk7n214SUI8GKB7YcOBSM JoWzDIGcjxP9WdhhsHtsAhibHDVV6+I89HnMFbyIGsoCP2xysW8O96dh2IGJ2SWa dF3Yfve6FcaBIUMDvr3Ye7Gge3aoG1TIUpvqdQ31pLX+ZcUADQHfU7ohOxNO/HkM smMES7hMoWJo20hFggKsxDswHidw3tAixVcSUMcvBl6q5xW1i70mlWdJjONEtVA= =H0Wz -----END PGP SIGNATURE-----
Current thread:
- CVE Request: AWS s2n Markus Vervier (Jul 14)
- Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
- Re: CVE Request: AWS s2n Markus Vervier (Jul 14)
- Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
- Re: CVE Request: AWS s2n Anthony Liguori (Jul 16)
- Re: CVE Request: AWS s2n MacCarthaigh, Colm (Jul 16)
- Re: CVE Request: AWS s2n Markus Vervier (Jul 22)
- Re: CVE Request: AWS s2n Markus Vervier (Jul 14)
- Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)