AnsweredAssumed Answered

DH small sub-group attack

Question asked by Naveen Madav on Feb 22, 2016
Latest reply on Feb 26, 2016 by Naveen Madav

I understood from the description that whoever is using openssl version 1.0.2x before 1.0.2f are vulnerable. But I am having 1.0.2a installed in my server and we have DH/DHE cipher suites configured in it.

 

But still SSLLabs shows that our server is not vulnerable to this DH small sub-group attack.

 

DH public server param (Ys) reuse

No

 

My question is: Is this check really mean the status of this vulnerability - CVE 2016-0701?

 

If yes, could you please let me know how can I set up a server that is vulnerable and SSLLabs shows

 

DH public server param (Ys) reuse

Yes

 

Thanks!

Outcomes