
OpenSSL eliminates a dangerous vulnerability that allowed an attacker to decrypt HTTPS traffic



The OpenSSL developers have fixed a dangerous vulnerability in the cryptographic package that allowed an attacker to reveal important data. The vulnerability was caused by an error in the implementation of the Diffie-Hellman algorithm. In some cases, the problem caused the repeated use of identical prime numbers.

The problem is relevant for OpenSSL versions 1.0.1 and 1.0.2. For the attack to apply, an application built on these versions has to use groups based on a digital signature algorithm to generate ephemeral Diffie-Hellman keys.

Most popular OpenSSL-dependent applications that use this algorithm are not vulnerable. For example, Apache uses the SSL_OP_SINGLE_DH_USE option. BoringSSL is also not affected, because it got rid of support for SSL_OP_SINGLE_DH_USE a few months ago, and LibreSSL did the same last week. Some applications and libraries nevertheless remain vulnerable when working with static SSLCipherSuite.

When the necessary conditions are met, the attacker can perform multiple handshakes with the vulnerable server or PC. With a sufficient number of calculations, an attacker can obtain a part of the secret values and use the Chinese remainder theorem to calculate the decryption key. More information is available here.
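The following is an added example, not code from OpenSSL or from the original article. It shows the two checks a defender can apply to a Diffie-Hellman group of the kind described above: whether the modulus is a safe prime, and whether a peer's public value lies in the intended prime-order subgroup. The toy parameters (607, 101, 1019) and all function names are assumptions made for the illustration.

```python
# Added example: toy numbers constructed for illustration, far too small for real use.
P = 607                      # prime modulus; P - 1 = 2 * 3 * 101
Q = 101                      # prime order of the subgroup the exchange should stay in
G = pow(2, (P - 1) // Q, P)  # generator of the order-Q subgroup (equals 64)
SAFE_P = 1019                # safe prime for comparison; (1019 - 1) / 2 = 509 is prime


def is_prime(n):
    """Trial division, adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def is_safe_prime(p):
    """True when p and (p - 1) / 2 are both prime, so no small odd subgroup exists."""
    return is_prime(p) and is_prime((p - 1) // 2)


def peer_value_ok(y, p, q):
    """Accept a peer's public value only if it lies in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def possible_secrets(y, p, q):
    """Number of distinct shared secrets y**x mod p over all private x in 1..q-1."""
    return len({pow(y, x, p) for x in range(1, q)})


def low_order_value(p, r):
    """Some element of order r (r a prime factor of p - 1), as a malformed peer value."""
    for h in range(2, p):
        v = pow(h, (p - 1) // r, p)
        if v != 1:
            return v


if __name__ == "__main__":
    honest = pow(G, 5, P)        # public value of an honest peer with private key 5
    bad = low_order_value(P, 3)  # order-3 element outside the intended subgroup
    print("safe primes:", is_safe_prime(P), is_safe_prime(SAFE_P))
    print("honest:", peer_value_ok(honest, P, Q), possible_secrets(honest, P, Q))
    print("malformed:", peer_value_ok(bad, P, Q), possible_secrets(bad, P, Q))
```

With the malformed value the shared secret can take only three values, so it depends on the private key modulo 3 alone; rejecting such values, or generating a fresh private key for every handshake, keeps that partial information from accumulating.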

To fix the problem, the developers have released updates 1.0.2f and 1.0.1r. Users are advised to install them as soon as possible. Initially, two problems were announced, one of which received a high rating, the other a low one.

It is worth recalling that support for 1.0.0 and 0.9.8 ended on December 31, 2015. This year, the corresponding versions of OpenSSL will receive only security updates; new features will not be added. On December 31 of this year, support for OpenSSL 1.0.1 ends.

Source: https://habr.com/ru/post/276213/

