[openssl-dev] OpenSSL Security Advisory

Hanno Böck hanno at hboeck.de
Fri Jan 29 11:02:48 UTC 2016


On Thu, 28 Jan 2016 15:05:47 +0000
OpenSSL <openssl at openssl.org> wrote:

> Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
> default and cannot be disabled. This could have some performance
> impact.

I think it's good that this has been changed now.
I found this ephemeral key reuse always problematic.

However, as far as I'm aware, there's still the same situation with
elliptic curve Diffie-Hellman. It reuses the ephemeral key for several
connections unless one sets SSL_OP_SINGLE_ECDH_USE.
As with the DH one, most server apps already set this.

This is unrelated to the current vuln, but I find this risky. It
creates an additional server secret that can leak, and bugs in the
elliptic curve key exchange that would be harmless without this feature
could become very severe.

I would therefore propose to do the same change also for ECDH and make
SSL_OP_SINGLE_ECDH_USE the default.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
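
The risk raised in the message above (a reused ephemeral key becomes a long-lived server secret), as an added illustration that is not part of the original post and is not OpenSSL code. It is a toy finite-field DH model; the `Server` class, its `single_use` flag, the `leak_memory` helper and the group parameters are assumptions made for the sketch.

```python
import hashlib
import secrets

# Toy group (assumption, constructed for illustration): far too weak for real
# use, but the key-reuse logic is the same for DHE and ECDHE.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

class Server:
    """Hypothetical server; single_use models SSL_OP_SINGLE_(EC)DH_USE."""
    def __init__(self, single_use):
        self.single_use = single_use
        # Without single-use, one "ephemeral" key is cached for many connections.
        self._cached = None if single_use else keypair()

    def handshake(self, client_pub):
        priv, pub = keypair() if self.single_use else self._cached
        return pub, session_key(priv, client_pub)

    def leak_memory(self):
        # Models a bug that discloses whatever key the process still holds.
        return self._cached[0] if self._cached else None

def exposed_sessions(single_use, connections=5):
    """Count recorded sessions whose key is recoverable after a later leak."""
    server = Server(single_use)
    recorded = []  # (client public value, true session key) per connection
    for _ in range(connections):
        c_priv, c_pub = keypair()
        s_pub, key = server.handshake(c_pub)
        assert key == session_key(c_priv, s_pub)  # both ends agree
        recorded.append((c_pub, key))
    leaked = server.leak_memory()
    if leaked is None:
        return 0  # per-connection keys were discarded; nothing to recover
    return sum(session_key(leaked, c_pub) == key for c_pub, key in recorded)

if __name__ == "__main__":
    print("reused key, sessions exposed:", exposed_sessions(False))
    print("single-use, sessions exposed:", exposed_sessions(True))
```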