You are here
OpenSSL Vulnerabilities fixed in Version 1.0.1e
Submitted on 29. January 2016 - 9:09 by rischi.
Last update on 29. January 2016 - 16:09.
Last update on 29. January 2016 - 16:09.
IDs:
CVE-2016-0701, CVE-2015-3197
Keywords:
OpenSSL, DH, SSLv2
Description:
On January 28, 2016, OpenSSL announced the discovery of two vulnerabilities [1].
Airlock WAF is not affected.
CVE-2016-0701: affects OpenSSL 1.0.2 exclusively. This version is not used in Airlock WAF up to now
CVE-2015-3197: The protocol SSLv2 is disabled at compile time, so the corresponding ciphers can't be used
Additionally OpenSSL increased the minimal DH parameter sizes from 768 to 1024 bits. This has only an effect, when the used certificates have smaller key sizes. We recommend to use at least 2048 bits for RSA private keys.
Resolution:
No action required
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required