[openssl-dev] Need CVE-2015-3193 impact explained
Andy Polyakov
appro at openssl.org
Mon Dec 7 10:00:23 UTC 2015
> The description of CVE-2015-3193 in 2015-12-04 security advisory
> states that EC algorithms are not affected, but attacks against DH are
> considered feasible.
> Not being a cryptographer that leaves me a bit confused.
> Are applications supporting cipher suites with ECDHE- variants vulnerable?
*No* EC algorithms are affected. Advisory refers to non-EC DH key
exchange. So that answer to specific question is no.
More information about the openssl-dev
mailing list