httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21290] - Progressive failure of MAC Message Decoding in HTTPS handler (lib(20):ssl func(143):reason(1109))
Date Wed, 09 Jul 2003 19:21:50 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21290>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21290

Progressive failure of MAC Message Decoding in HTTPS handler (lib(20):ssl func(143):reason(1109))

ksnider@flarn.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From ksnider@flarn.com  2003-07-09 19:21 -------
Yet more information.

It turns out the "RSA Blinding" patch for openssl is the culprit. It isn't
threadsafe, and while this works for apache w/prefork, worker, being
multithreaded, will display this issue under load.

As a point of note, Red Hat 7-9 incorporate this patch. This means the worker
mpm (or any other threaded mpm) WILL FAIL UNDER LOAD at this point. This is true
of anyone else using the RSA Blinding patch from Bugtraq.

I'm closing this bug as INVALID since the bug isn't with apache. However, I
think this is something that should be noted somewhere, since this has the
potential to affect virtually anoyone using SSL, apache 2, and the worker MPM.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message