
List:       openssl-users
Subject:    Sensible size limit for stored SSL sessions?
From:       Victor Duchovni <Victor.Duchovni () MorganStanley ! com>
Date:       2005-09-29 23:18:26
Message-ID: 20050929231826.GD21818 () piias899 ! ms ! com


We are contemplating setting a size limit on the sessions that Postfix
will commit to external storage; this should be large enough to hold all
reasonable server certificate chains, and yet not so large as to easily
allow bad servers to exhaust system storage with huge session objects.

Are there any guidelines on how much space one should be willing to
allocate for an SSL_SESSION (serialized size) before one considers
the peer that creates a session that large to be an attacker?

FWIW, the largest session in my session cache now is 2198 bytes.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org