  1. Jan 28, 2016
    • Prevent small subgroup attacks on DH/DHE · 878e2c5b
      Matt Caswell authored

      Historically OpenSSL only ever generated DH parameters based on "safe"
      primes. More recently (in version 1.0.2) support was provided for
      generating X9.42 style parameter files such as those required for RFC
      5114 support. The primes used in such files may not be "safe". Where an
      application is using DH configured with parameters based on primes that
      are not "safe" then an attacker could use this fact to find a peer's
      private DH exponent. This attack requires that the attacker complete
      multiple handshakes in which the peer uses the same DH exponent.
      
      A simple mitigation is to ensure that y^q (mod p) == 1
      
      CVE-2016-0701 (fix part 1 of 2)
      
      Issue reported by Antonio Sanso.
      
      Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    • Better SSLv2 cipher-suite enforcement · d81a1600
      Viktor Dukhovni authored

      Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
      
      CVE-2015-3197
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Reviewed-by: Richard Levitte <levitte@openssl.org>