* Benny Baumann:

> As stated in the initial report you MUST never place arbitrary
> limits on the size of cryptographic keys which is what this bug is doing
> in the first place.

Actually, you have to, otherwise you end up with a rather trivial pre-authentication denial of service vulnerability. It's less of an issue for the plain RSA cipher suites, but for many of the more sophisticated ones, it is.
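
An added illustration of the point in the reply above (not part of the original message, and not code from the package under discussion): a cheap size check that runs before any modular exponentiation on parameters received from an unauthenticated peer, plus a rough work estimate showing how cost grows with modulus size. The bounds MIN_BITS/MAX_BITS, the function names, and the cost model (schoolbook multiplication; a fixed small exponent 65537 versus a full-size exponent) are assumptions of this example.

```python
# Added example: size-check peer-supplied parameters before any expensive math.
# MIN_BITS/MAX_BITS and all function names are assumptions, not from the thread.
MIN_BITS = 2048
MAX_BITS = 8192


def modmul_count(exponent: int) -> int:
    """Modular multiplications done by plain square-and-multiply."""
    if exponent < 1:
        raise ValueError("exponent must be positive")
    squarings = exponent.bit_length() - 1
    multiplies = bin(exponent).count("1") - 1
    return squarings + multiplies


def relative_cost(modulus_bits: int, exponent: int) -> int:
    """Rough work estimate: each modular multiplication ~ modulus_bits**2."""
    return modmul_count(exponent) * modulus_bits ** 2


def accept_modulus(modulus: int) -> bool:
    """Cheap check that runs before any exponentiation is attempted."""
    return modulus % 2 == 1 and MIN_BITS <= modulus.bit_length() <= MAX_BITS


def shared_secret(peer_public: int, modulus: int, secret: int) -> int:
    """Exponentiate only after the unauthenticated input passed the bounds."""
    if not accept_modulus(modulus):
        raise ValueError("modulus size outside accepted range")
    if not 1 < peer_public < modulus - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, modulus)


if __name__ == "__main__":
    for bits in (2048, 4096, 8192, 16384, 65536):
        small = relative_cost(bits, 65537)            # fixed small exponent
        full = relative_cost(bits, (1 << bits) - 1)   # worst-case full-size exponent
        verdict = "accept" if MIN_BITS <= bits <= MAX_BITS else "reject"
        print(f"{bits:6d} bits  small-exp={small:.2e}  full-exp={full:.2e}  {verdict}")
```

Under this model, doubling the modulus size quadruples the work for a fixed small exponent but multiplies it by roughly eight when the exponent is as large as the modulus, which is why the upper bound is checked before any arithmetic is done.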