OpenSSL v1.0.1.q Release Notes
Release Date: 2016-01-28 // about 8 years ago-
- Protection for DH small subgroup attacks
As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.
Matt Caswell
- SSLv2 doesn't block disabled ciphers
A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. [CVE-2015-3197][]
Viktor Dukhovni
- Reject DH handshakes with parameters shorter than 1024 bits.
Kurt Roeckx