Bugzilla – Bug 938905
VUL-1: inn: The Logjam Attack / weakdh.org
Last modified: 2017-03-02 14:10:58 UTC
+++ This bug was initially created as a clone of Bug #931600 +++
INN uses a DH param selection that would violate logjam constraints.
static DH *tmp_dh_cb(SSL *s UNUSED, int export UNUSED, int keylength)
selects depending on keysize 512, 1024, ... or bitlength(key) DH parameters.
It should only selects DH parameters >= 1024 bit.
This would happen for customers with old RSA keys < 1024 bits.
if (keylength < 1024) keylength = 1024;
at the begin of this function.
(as probably only a small number of customers use inn and use inn with ssl, this can be delayed a bit)
bugbot adjusting priority