[Pkg-openssl-devel] Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

Florian Weimer fw at deneb.enyo.de
Sat May 10 20:42:47 UTC 2014


* Benny Baumann:

> As stated in the initial report you MUST never place arbitrary
> limits on the size of cryptographic keys, which is what this bug is doing
> in the first place.

Actually, you have to, otherwise you end up with a rather trivial
pre-authentication denial of service vulnerability.  It's less of an
issue for the plain RSA cipher suites, but for many of the more
sophisticated ones, it is.
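The trade-off Florian describes, as an added example (not code from the thread, from Debian or from OpenSSL): a server that accepts a peer-supplied modulus of any size has to spend one full-size modular exponentiation on it before any authentication has happened, and that cost grows roughly cubically with the bit length. A bound checked up front costs nothing and caps the work an unauthenticated peer can impose. The 16384-bit cap below is a constructed value for illustration, not the limit the package uses.

```python
import random
import time

# Upper bound checked before any expensive public-key operation.
# Constructed example value; the real limit is a deployment decision.
MAX_MODULUS_BITS = 16384


def check_modulus_size(n, max_bits=MAX_MODULUS_BITS):
    """Return True if the peer-supplied modulus n is acceptable.

    Rejects n <= 1 and anything longer than max_bits. The check is O(1) and
    runs before any modular exponentiation, so an oversized key costs the
    server nothing beyond reading its length.
    """
    return n > 1 and n.bit_length() <= max_bits


def random_odd_modulus(bits):
    """Constructed stand-in for a peer's RSA/DH modulus of the given size:
    a random odd integer with the top bit set (primality is irrelevant here)."""
    return random.getrandbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(bits, base=65537):
    """Measure one full-size modular exponentiation mod a `bits`-bit modulus,
    the kind of operation a server performs to verify a peer's signature or
    derive a DH shared secret. Returns elapsed seconds."""
    n = random_odd_modulus(bits)
    exp = random.getrandbits(bits)  # worst case: exponent as long as the modulus
    start = time.perf_counter()
    pow(base, exp, n)
    return time.perf_counter() - start


def handle_peer_modulus(n):
    """Server-side handling: cheap bound check first, exponentiation only if
    it passes. Returns (accepted, seconds_spent) so the two paths can be
    compared."""
    if not check_modulus_size(n):
        return False, 0.0
    start = time.perf_counter()
    pow(65537, n - 1, n)  # stands in for the real signature/DH computation
    return True, time.perf_counter() - start


def demo():
    # Accepted sizes: cost rises steeply with the bit length.
    for bits in (2048, 4096, 8192):
        print(f"{bits:6d}-bit modulus: modexp took {time_modexp(bits) * 1000:8.2f} ms")
    # Oversized modulus: rejected before any arithmetic is done.
    accepted, spent = handle_peer_modulus(random_odd_modulus(65536))
    print(f" 65536-bit modulus: accepted={accepted}, time spent={spent:.6f} s")


if __name__ == "__main__":
    demo()
```

Running the demo shows the per-connection cost climbing by roughly an order of magnitude per doubling of the modulus, while the oversized key is turned away in constant time; that asymmetry is the denial-of-service argument for having a limit at all, and the argument for choosing the limit deliberately rather than leaving it implicit.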
