Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
-rw-r--r--src/lib/libssl/ssl_sess.c19
1 files changed, 9 insertions, 10 deletions
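--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.42 2014/10/18 16:13:16 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.43 2014/11/08 15:21:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -238,15 +238,14 @@ SSL_SESSION_get_compress_id(const SSL_SESSION *s)
 }
 
 /*
- * Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
- * SSLv3/TLSv1 has 32 bytes (256 bits). As such, filling the ID with random
- * gunk repeatedly until we have no conflict is going to complete in one
- * iteration pretty much "most" of the time (btw: understatement). So, if it
- * takes us 10 iterations and we still can't avoid a conflict - well that's a
- * reasonable point to call it quits. Either the RAND code is broken or someone
- * is trying to open roughly very close to 2^128 (or 2^256) SSL sessions to our
- * server. How you might store that many sessions is perhaps a more interesting
- * question...
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random gunk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * arc4random code is broken or someone is trying to open roughly very close to
+ * 2^128 (or 2^256) SSL sessions to our server. How you might store that many
+ * sessions is perhaps a more interesting question...
  */
 
 #define MAX_SESS_ID_ATTEMPTS 10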
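Review bot: The rewritten comment still says "roughly very close to 2^128 (or 2^256) SSL sessions" at new line 247, but the 16-byte SSLv2 case that justified the 2^128 figure was just removed from the paragraph, so the parenthetical no longer matches the single 32-byte (256-bit) ID length the comment now describes. Since the paragraph exists to justify why MAX_SESS_ID_ATTEMPTS is a safe cut-off, the figure it cites should match the ID size it describes: `* arc4random code is broken or someone is trying to open roughly very close to` / `* 2^256 SSL sessions to our server. How you might store that many`. If shorter IDs can still be generated elsewhere (for example by an application-supplied generate-session-id callback), that caveat would be more useful stated explicitly than as the stale "(or 2^256)" aside. The function that actually consumes MAX_SESS_ID_ATTEMPTS lies outside this hunk.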