[PVE-User] Diffie-Hellman vulnerability

Karl Ståhl karl.e.stahl at gmail.com
Thu Oct 22 16:07:10 CEST 2015


Thank you!

On 2015-10-21 10:45, Wolfgang Bumiller wrote:
> As far as I can tell the most important part of this is that _clients_ reject DH
> primes < 1024 bit, as a man-in-the-middle can downgrade the connection.
>
> As for what the server supports, this mostly depends on the openssl packages
> available.
>
> # openssl s_client -connect localhost:8006 -cipher EDH |& grep 'Server Temp Key'
> Server Temp Key: DH, 1539 bits
>
> Currently uses 1539 bits, so that should be good enough.
>
>> On October 21, 2015 at 9:47 AM Karl Ståhl <karl.e.stahl at gmail.com> wrote:
>>
>>
>> Hi!
>>
>> Is this vulnerability fixed for Proxmox web interface?
>>
>> https://weakdh.org/
>>
>> /Karl
>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20151022/2edfe3b9/attachment.sig>


More information about the pve-user mailing list