[openssl-dev] OpenSSL Security Advisory

Rainer Jung rainer.jung at kippdata.de
Wed Feb 3 00:11:17 UTC 2016


On 03.02.2016 at 00:30, Kurt Roeckx wrote:
> On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
>> Hi there,
>>
>> reading the last advisory again, I noticed that there's one logical
>> inconsistency.
>>
>> First:
>>
>> OpenSSL before 1.0.2f will reuse the key if:
>> ...
>> - Static DH ciphersuites are used. The key is part of the certificate and so
>> it will always reuse it. This is only supported in 1.0.2.
>>
>>
>> and then:
>>
>> It will not reuse the key for DHE ciphers suites if:
>> - SSL_OP_SINGLE_DH_USE is set
>> ...
>>
>> So what's the situation if both situations apply, static DH ciphersuites are
>> used and SSL_OP_SINGLE_DH_USE is set?
>
> Note that it says DHE ciphers, excluding the DH ciphers.

Thanks Matt and Kurt for enlightening me.

Regards,

Rainer


