According to a server testing service I have tried, OpenSSL 0.9.8 fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0 does this rejection. They do not provide a CVE number for this issue, and I cannot find it in the OpenSSL CHANGES file for 1.0.0 (as that is the version they mention).
Could anyone: - Confirm or deny this - Indicate if this has a known CVE number - Indicate in which OpenSSL version this was fixed - Indicate why (if true) this has not been backported to 0.9.8, which was still receiving other security patches at the time this was allegedly fixed in 1.0.0 P.S. I am very familiar with the DH algorithm as such and I am somewhat surprised that these sanity checks were missing in the official DH implementation so recently (if the report is true). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
