[openssl-dev] Need CVE-2015-3193 impact explained

Leif Thuresson leif.thuresson at foxt.com
Mon Dec 7 09:53:15 UTC 2015

Previous message: [openssl-dev] [openssl.org #4169] openssl-1.0.2e build still recommends deprecated (unnecessary?) `make depend`, returns numerous warnings abt not finding stddef.h
Next message: [openssl-dev] Need CVE-2015-3193 impact explained
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The description of CVE-2015-3193 in 2015-12-04 security advisory
states that EC algorithms are not affected, but attacks against DH are 
considered feasible.
Not being a cryptographer that leaves me a bit confused.
Are applications supporting cipher suites with ECDHE- variants vulnerable?

Thanks,
/Leif

Previous message: [openssl-dev] [openssl.org #4169] openssl-1.0.2e build still recommends deprecated (unnecessary?) `make depend`, returns numerous warnings abt not finding stddef.h
Next message: [openssl-dev] Need CVE-2015-3193 impact explained
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssl-dev mailing list