"Maintainers of the OpenSSL cryptographic code library have fixed a
high-severity vulnerability that made it possible for attackers to
obtain the key that decrypts communications secured in HTTPS and other
transport layer security channels.
While the potential impact is high, the vulnerability can be exploited
only when a variety of conditions are met. First, it's present only in
OpenSSL version 1.0.2. Applications that rely on it must use groups
based on the digital signature algorithm to generate ephemeral keys
based on the Diffie-Hellman key exchange. By default, servers that do
this will reuse the same private Diffie-Hellman exponent for the life
of the server process, and that makes them vulnerable to the
key-recovery attack. DSA-based Diffie-Hellman configurations that rely
on a static Diffie-Hellman ciphersuite are also susceptible."
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
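
An added example, not part of the quoted article or of OpenSSL: a configuration check for two of the conditions the quoted text names, a Diffie-Hellman group that is not built on a safe prime (DSA-based parameters fall into this class) combined with a reused private exponent. The function names and the toy moduli are constructed for illustration, and the OpenSSL version condition is not checked.

```python
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; the seed is fixed so audit results are repeatable."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def classify_dh_prime(p):
    """'safe-prime' if (p-1)/2 is prime, else 'non-safe-prime' (DSA-based groups land here)."""
    if not is_probable_prime(p):
        return "invalid"
    return "safe-prime" if is_probable_prime((p - 1) // 2) else "non-safe-prime"

def audit(name, p, reuses_exponent):
    """Flag the combination the article names: DSA-style group plus a reused exponent."""
    kind = classify_dh_prime(p)
    if kind == "invalid":
        return f"{name}: modulus is not prime, reject parameters"
    if kind == "non-safe-prime" and reuses_exponent:
        return f"{name}: REVIEW, non-safe-prime group with a reused private exponent"
    return f"{name}: no match ({kind}, exponent reuse={reuses_exponent})"

# Constructed toy moduli (real groups are 2048 bits or more).
SAMPLES = [
    ("safe-group", 2039, True),      # 2039 = 2*1019 + 1, 1019 prime
    ("dsa-style", 67, True),         # 67 = 2*3*11 + 1, subgroup of order 11
    ("dsa-style-fresh", 67, False),  # same group, new exponent per handshake
    ("broken", 2041, True),          # 2041 = 13 * 157
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(*sample))
```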