[PVE-User] Diffie-Hellman vulnerability
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Oct 21 10:45:06 CEST 2015
As far as I can tell the most important part of this is that _clients_ reject DH
primes < 1024 bit, as a man-in-the-middle can downgrade the connection.
As for what the server supports, this mostly depends on the openssl packages
available.
# openssl s_client -connect localhost:8006 -cipher EDH |& grep 'Server Temp Key'
Server Temp Key: DH, 1539 bits
Currently uses 1539 bits, so that should be good enough.
> On October 21, 2015 at 9:47 AM Karl Ståhl <karl.e.stahl at gmail.com> wrote:
>
>
> Hi!
>
> Is this vulnerability fixed for Proxmox web interface?
>
> https://weakdh.org/
>
> /Karl
>
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list