Limit the number of KeyUpdate messages we can process
Too many KeyUpdate message could be inicative of a problem (e.g. an infinite KeyUpdate loop if the peer always responds to a KeyUpdate message with an "update_requested" KeyUpdate response), or (conceivably) an attack. Either way we limit the number of KeyUpdate messages we are prepared to handle. Reviewed-by:Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
Please register or sign in to comment