
<div dir="ltr"><div>we still can use SSL DOS in freeswitch with TLS. <br><br></div>but that only make CPU goes up to 100%<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 5:56 PM, jay binks <span dir="ltr">&lt;<a href="mailto:jaybinks@gmail.com" target="_blank">jaybinks@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">This is useful for webservers, possibly for SIP-TLS ... not sure .</div><div class="gmail_extra">

<br></div><div class="gmail_extra"><a href="http://filippo.io/Heartbleed/" style="font-family:arial,sans-serif;font-size:13px" target="_blank">http://filippo.io/Heartbleed/</a><br>


</div><div class="gmail_extra"><br></div><div class="gmail_extra">Jay</div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On 8 April 2014 17:46, Daniel Ivanov <span dir="ltr">&lt;<a href="mailto:sertys@gmail.com" target="_blank">sertys@gmail.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">PFS would not by any means protect you by such an implementation failure. And the problem with PFS is the fact that it&#39;s wildly believe that the ecliptic curve algorithms behind it are cratfully backdoored.</div>


<div><div>

<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 12:20 AM, R P Herrold <span dir="ltr">&lt;<a href="mailto:herrold@owlriver.com" target="_blank">herrold@owlriver.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>On Mon, 7 Apr 2014, Michael Jerris wrote:<br>

<br>

&gt; More information available at  <a href="http://heartbleed.com/" target="_blank">http://heartbleed.com/</a> .  You should probably upgrade openssl to at least 1.0.1g and re-generate all keys and invalidate old keys.<br>


<br>

</div>* nod * looks material.  I mentioned side channel leakage [of<br>

which this is a variant], and the need to move to Perfect<br>

Forward Security in my post last week<br>

<br>

The speculation in the heartbleed site as to CentOS 6 series<br>

PRIOR to the 6.5 updates, seems to be partiall ruled out by:<br>

        <a href="https://access.redhat.com/security/cve/CVE-2014-0160" target="_blank">https://access.redhat.com/security/cve/CVE-2014-0160</a><br>

<br>

but the 6.5 update srouces, sadly, adds it, and so we can look<br>

for an openssl update there<br>

<br>

-- Russ herrold<br>

<div><div><br>

_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

</div></div></blockquote></div><br></div>

</div></div><br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br>Sincerely<br><br>Jay

</font></span></div></div>

<br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<br></blockquote></div><br></div>