RetroShare/libretroshare
cave beat 9843c8381b added openSSL option SSL_OP_SINGLE_DH_USE regarding CVE-2016-0701
tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL 1.0.2 users should upgrade to 1.0.2f. If an application is using DH configured with parameters based on primes that are not "safe" or not Lim-Lee (as the one in RFC 5114) and either Static DH ciphersuites are used or DHE ciphersuites with the default OpenSSL configuration (in particular SSL_OP_SINGLE_DH_USE is not set) then it is vulnerable to this attack.
2016-02-14 18:49:37 +01:00
..
src added openSSL option SSL_OP_SINGLE_DH_USE regarding CVE-2016-0701 2016-02-14 18:49:37 +01:00