As far as I can tell the most important part of this is that _clients_ reject DH primes < 1024 bit, as a man-in-the-middle can downgrade the connection.
As for what the server supports, this mostly depends on the openssl packages available. # openssl s_client -connect localhost:8006 -cipher EDH |& grep 'Server Temp Key' Server Temp Key: DH, 1539 bits Currently uses 1539 bits, so that should be good enough. > On October 21, 2015 at 9:47 AM Karl Ståhl <[email protected]> wrote: > > > Hi! > > Is this vulnerability fixed for Proxmox web interface? > > https://weakdh.org/ > > /Karl > > > _______________________________________________ > pve-user mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
