OpenSSL Vulnerabilities fixed in Version 1.0.1e

CVE-2016-0701, CVE-2015-3197
OpenSSL, DH, SSLv2

On January 28, 2016, OpenSSL announced the discovery of two vulnerabilities [1].

Airlock WAF is not affected.

CVE-2016-0701: Affects OpenSSL 1.0.2 exclusively. Airlock WAF has not used this version so far.

CVE-2015-3197: The SSLv2 protocol is disabled at compile time, so the corresponding ciphers cannot be used.

Additionally, OpenSSL increased the minimum DH parameter size from 768 to 1024 bits. This only has an effect when the certificates in use have smaller key sizes. We recommend using at least 2048 bits for RSA private keys.


No action required

Airlock Vulnerability Status: Does not affect Airlock
Back-end Vulnerability Status: No action required