Hello, I've just submitted a build of caml-crush [0] in F22. It provides the original server in caml-crush package, and an isolated system-wide PKCS #11 module in the caml-crush-softhsm package. The latter provides applications and servers which support PKCS #11 with keys that are stored outside their address space. That would prevent an attack similar to heartbleed to extract the keys of the server. It seems however that in Fedora we don't have many servers which can take advantage of keys in PKCS #11. I've tested the module with lighttpd2 and it has reasonable performance. Instructions on how to setup keys in the module are shown in [1]. That's the first iteration of the module, and comments and suggestions are welcome. regards, Nikos [0]. https://github.com/ANSSI-FR/caml-crush [1]. http://pkgs.fedoraproject.org/cgit/caml-crush.git/tree/README.fedora -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
