What wonders of open source I missed four months ago: meet socat

Jun 12, 2016 03:58

Socat security advisory 7 - Created new 2048bit DH modulus

Overview
In the OpenSSL address implementation the hard coded 1024 bit DH p parameter was not prime. The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p. Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes it possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out.
A new prime modulus p parameter has been generated by the Socat developer using the OpenSSL dhparam command.
In addition, the new parameter is 2048 bits long.

Vulnerability Ids:
Socat security issue 7
MSVR-1499

http://www.openwall.com/lists/oss-security/2016/02/01/4

To appreciate the level of fun:
http://www.dest-unreach.org/socat/
https://en.wikipedia.org/wiki/Socat

weak cryptography, bugs, opensource
