[openssl-dev] OpenSSL Security Advisory
Kurt Roeckx
kurt at roeckx.be
Tue Feb 2 23:30:24 UTC 2016
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certificate and so
> it will always reuse it. This is only supported in 1.0.2.
>
>
> and then:
>
> It will not reuse the key for DHE ciphers suites if:
> - SSL_OP_SINGLE_DH_USE is set
> ...
>
> So what's the situation if both situations apply, static DH ciphersuites are
> used and SSL_OP_SINGLE_DH_USE is set is set.
Note that it says DHE ciphers, excluding the DH ciphers.
Kurt
More information about the openssl-dev
mailing list