+1

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.

Original Message
From: Hanno Böck
Sent: Friday, January 29, 2016 06:18
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Cc: open...@openssl.org
Subject: Re: [openssl-dev] OpenSSL Security Advisory

On Thu, 28 Jan 2016 15:05:47 +0000
OpenSSL <open...@openssl.org> wrote:

> Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
> default and cannot be disabled. This could have some performance
> impact.

I think it's good that this has been changed now. I found this ephemeral key reuse always problematic.

However, as far as I'm aware there's still the same situation with elliptic curve Diffie-Hellman. It reuses the ephemeral key for several connections unless one sets SSL_OP_SINGLE_ECDH_USE. As with the DH one, most server apps already set this.

This is unrelated to the current vuln, but I find this risky. It creates an additional server secret that can leak, and bugs in the elliptic curve key exchange that would be harmless without this feature could become very severe.

I would therefore propose to do the same change also for ECDH and make SSL_OP_SINGLE_ECDH_USE the default.

--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42