oss-sec mailing list archives

Re: CVE Request: AWS s2n

From: Markus Vervier <markus.vervier () lsexperts de>
Date: Wed, 22 Jul 2015 14:16:27 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 15.07.2015 03:57, MacCarthaigh, Colm wrote:

like our first cut. That restriction also means that we’re not seeing any production usage from

downstream adopters, or downstream packaging. I’m not aware of anyone
using s2n as a client.

Hi Colm,

thx for the long explanation, I see your point. I just have to add that
I would recommend to not compile client mode code regarded as
insecure/unstable into the library by default. Even if somewhat guarded
by an environment variable.

Markus

- -- 
Markus Vervier (IT Security Consultant and Software Developer),
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-261, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVr4mLAAoJEK9u9A5+VXgeqEUIALhFsuAm/Owzv7JhIPzuJYjn
nWibQowQq2/x5CcQ+woqoTxqQOLLcV9Ajr07MEYf3st0SMb+NM6E6NI/1nJiAxIZ
bNBOkPoMbf+GqvFWDpuLAYcKgpD9+12X26oESX8ccIjMk7n214SUI8GKB7YcOBSM
JoWzDIGcjxP9WdhhsHtsAhibHDVV6+I89HnMFbyIGsoCP2xysW8O96dh2IGJ2SWa
dF3Yfve6FcaBIUMDvr3Ye7Gge3aoG1TIUpvqdQ31pLX+ZcUADQHfU7ohOxNO/HkM
smMES7hMoWJo20hFggKsxDswHidw3tAixVcSUMcvBl6q5xW1i70mlWdJjONEtVA=
=H0Wz
-----END PGP SIGNATURE-----

Current thread:

CVE Request: AWS s2n Markus Vervier (Jul 14)
- Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
  - Re: CVE Request: AWS s2n Markus Vervier (Jul 14)
    - Re: CVE Request: AWS s2n Kurt Seifried (Jul 14)
    - Re: CVE Request: AWS s2n Anthony Liguori (Jul 16)
    - Re: CVE Request: AWS s2n MacCarthaigh, Colm (Jul 16)
    - Re: CVE Request: AWS s2n Markus Vervier (Jul 22)