oss-sec mailing list archives

Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 11 Mar 2016 17:56:34 +0100

On Fri, 11 Mar 2016 11:49:48 -0500 (EST)
cve-assign () mitre org wrote:

> > The release notes[1] are confusing, as they mention only problems
> > with keys smaller than 2048 bit, but I was also able to reproduce
> > this issue with 4096 bit keys.
> > [1] http://proftpd.org/docs/RELEASE_NOTES-1.3.5b
>
> We are not sure why this would be confusing.

Yes, I also noted now that this refers to an unrelated issue.

The DH issue was not mentioned in the release notes at first, now the
author has changed that.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
