oh joy
I guess I should change my systems from using 3fa (username/password/certificate/OTP) to using username/password/OTP+ip restriction...
A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve. The vulnerability stems from a bug in the BN_mod_sqrt() function, which the OpenSSL team said is used to parse certificates that "contain elliptic curve public keys in compressed form or explicit …