The OpenSSL project team has patched two vulnerabilities in the cryptographic library and enhanced the strength of existing cryptography used by OpenSSL versions 1.0.1 and 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2f, and 1.0.1 users should upgrade to 1.0.1r to take advantage of the cryptographic improvements, according to the security advisory.
The high-priority bug addresses an issue in how some Diffie-Hellman parameters are generated in OpenSSL 1.0.2 (CVE 2016-0701). Historically, the parameters were generated using only “safe” prime numbers, but primes generating X9.42 style parameter files, such as those required for RFC 5114 support, may not be safe after all.
To read this article in full or to leave a comment, please click here