[openssl-dev] OpenSSL Security Advisory
Rainer Jung
rainer.jung at kippdata.de
Tue Feb 2 21:34:32 UTC 2016
Hi there,
Reading the last advisory again, I noticed that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used. The key is part of the certificate
and so it will always reuse it. This is only supported in 1.0.2.
and then:
It will not reuse the key for DHE ciphers suites if:
- SSL_OP_SINGLE_DH_USE is set
...
So what's the situation if both situations apply, static DH ciphersuites
are used and SSL_OP_SINGLE_DH_USE is set? Which of these is
stronger? Will the key be reused? Or is that combination impossible? It
doesn't seem to be clear to me from the wording in the advisory.
Thanks for any clarification.
Regards,
Rainer