Sensible size limit for stored SSL sessions?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Sensible size limit for stored SSL sessions?

Victor Duchovni

We are contemplating setting a size limit on the sessions that Postfix
will commit to external storage, this should be large enough to hold all
reasonable server certificate chains, and yet not so large as to easily
allow bad servers to exhaust system storage with huge session objects.

Are there any guidelines on how much space one should be willing to
allocate for an SSL_SESSION (serialized size) before one considers
the peer that creates a session that large to be an attacker...

FWIW, the largest session in my session cache now is 2198 bytes.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]