View Issue Details

IDProjectCategoryView StatusLast Update
0002971unrealircdpublic2011-11-27 19:23
ReportertabrisnetAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinux/x86OSDebian LinuxOS Versiontesting
Product Version3.2.4 
Target VersionFixed in Version3.2.8 
Summary0002971: Paranoid SSL settings
DescriptionBIO_set_ssl_renegotiate_bytes(b,bytes)
BIO_set_ssl_renegotiate_timeout(b,seconds)

The above set how often an SSL ephemeral session key is renegotiated. What I'd like to see is an option where we can set values for this (yes, there are some practical limits. Like never set BIO_set_ssl_renegotiate_bytes to less than 4096 [and frankly, that'd be stupid even then])

Yes, it's probably paranoid, but there are uses for this. It'd be optional, it'd be hidden somewhere in the setup.h or config.h. But for those of us who like to be paranoid and put tinfoil hats on our computers, it might just take the edge off of our paranoia ;)
Additional InformationI wonder if this would allow IRC to be used (behind the scenes) in things like hospitals btwn PDAs or whatever. HIPAA regulations, among others.
TagsNo tags attached.
3rd party modules

Relationships

related to 0002368 resolvedstskeeps TLS cipherlist in set block 

Activities

syzop

2006-06-23 18:34

administrator   ~0012005

I don't see why not :P

stskeeps

2007-05-14 04:47

reporter   ~0014134

Last edited: 2007-05-14 04:50

For takers:

BIO *SSL_get_rbio(SSL *ssl);
BIO *SSL_get_wbio(SSL *ssl);

And running these commands on it

stskeeps

2007-05-17 05:40

reporter   ~0014153

Last edited: 2007-05-17 05:41

Fixed in .2406. Please test it through.

syzop

2011-11-27 19:23

administrator   ~0016804

Is actually already in 3.2.8.

Issue History

Date Modified Username Field Change
2006-06-14 15:20 tabrisnet New Issue
2006-06-23 18:34 syzop Note Added: 0012005
2006-06-23 18:34 syzop Status new => acknowledged
2007-05-14 04:42 stskeeps Relationship added related to 0002368
2007-05-14 04:47 stskeeps Note Added: 0014134
2007-05-14 04:50 stskeeps Note Edited: 0014134
2007-05-17 05:40 stskeeps Status acknowledged => resolved
2007-05-17 05:40 stskeeps Fixed in Version => 3.3-alpha0
2007-05-17 05:40 stskeeps Resolution open => fixed
2007-05-17 05:40 stskeeps Assigned To => stskeeps
2007-05-17 05:40 stskeeps Note Added: 0014153
2007-05-17 05:41 stskeeps Note Edited: 0014153
2011-07-19 18:00 syzop Assigned To stskeeps =>
2011-07-19 18:00 syzop Status resolved => needs re porting
2011-11-27 19:23 syzop Note Added: 0016804
2011-11-27 19:23 syzop Status needs re porting => resolved
2011-11-27 19:23 syzop Fixed in Version 3.3-alpha0 => 3.2.8
2011-11-27 19:23 syzop Assigned To => syzop