ALAS-2015-569 --- nss nss-util
ID: oval:org.secpod.oval:def:1200046 | Date: (C)2015-12-30 (M)2024-02-19 |
Class: PATCH | Family: unix |
A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic. Please note that this update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions from being downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
Platform: |
Amazon Linux AMI |