severity 747453 normal
thanks

I don't see how the severity of this is critical.

On Thu, May 08, 2014 at 11:23:04PM +0200, Benny Baumann wrote:
> Source: openssl
> Severity: critical
> Tags: security patch
> 
> OpenSSL contains a set of arbitrary limitations on the size of accepted key
> parameters that make unrelated software fail to establish secure connections.
> The problem was found while debugging an XMPP s2s connection issue where two
> servers with long certificate keys (8192 bit RSA) failed to establish a secure
> connection because OpenSSL rejected the handshake.
> 
> The attached two patches fix the following issues:
> 1.  Remove the restriction on DSA/DHE parameters to allow for arbitrary size
> 2.  Increase the maximum allowed size for transmitted (client/server) keys 
>     from 516 bytes (e.g. 4096 bit RSA) to 8200 bytes (e.g. 65536 bit RSA)

