Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

[Илья Ш. <chi...@gm...>]

‪вс, 17 нояб. 2024 г. в 14:51, ‫נתי שטרן‬‎ <ns...@gm...>:‬




> I think there is an option for DoS and therefore there is an option to cve
> or to write a patch..........
> ‫בתאריך יום א׳, 17 בנוב׳ 2024 ב-12:03 מאת ‪Gert Doering‬‏ <‪
> ge...@gr...‬‏>:‬
>

did you apply for CVE ?


> Hi,
>>
>> On Sun, Nov 17, 2024 at 05:45:16AM +0200, ?????? ???????? wrote:
>> > I send logs:
>>
>> Everything I can see in these logs is intentional - the exponential
>> backoff is there on purpose, to avoid (!) exhausting resources (CPU,
>> disk, ...) if there is a transient failure - as in "it can not succeed
>> now, no matter how hard you try, but might succeed later".
>>
>> The backoff timing can be controlled by the config, so to change the
>> timing, no code change is needed ("connect-retry 5 5" will make it
>> wait 5 seconds on every connect, for example).
>>
>> "restarting process" is not an indication of "anything crashed" - it's
>> just "we will not abort, but start again, from the beginning".  If you
>> add "tls-exit" to the config, then it will not restart but exit.
>>
>> gert
>> --
>> "If was one thing all people took for granted, was conviction that if you
>>  feed honest figures into a computer, honest figures come out. Never
>> doubted
>>  it myself till I met a computer with a sense of humor."
>>                              Robert A. Heinlein, The Moon is a Harsh
>> Mistress
>>
>> Gert Doering - Munich, Germany
>> ge...@gr...
>>
>
>
> --
> <https://netanel.ml>
> _______________________________________________
> Openvpn-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>