17 Dec
2003
17 Dec
'03
11:17 p.m.
At 07:12 AM 11/27/96 +0000, you wrote: .....etc Can you be more specific? What are the vulnerabilities you are aware of?
I've never seen a security review of SSLeay, and if anyone gave it a clean bill of health, they didn't have their eye on the ball. Note, I'm not knocking SSLeay here, it is a wonderful lump of code, but it hasn't been written with security in mind (IMHO).
Cheers,
Ben.
-- Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director URL: http://www.algroup.co.uk/Apache-SSL A.L. Digital Ltd, Apache Group member (http://www.apache.org) London, England. Apache-SSL author