[Pkg-openssl-devel] Bug#747453: Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection
Kurt Roeckx
kurt at roeckx.be
Thu May 8 22:24:57 UTC 2014
severity 747453 normal
thanks
I don't see how the severity of this is critical.
On Thu, May 08, 2014 at 11:23:04PM +0200, Benny Baumann wrote:
> Source: openssl
> Severity: critical
> Tags: security patch
>
> OpenSSL contains a set of arbitrary limitations on the size of accepted key
> parameters that make unrelated software fail to establish secure connections.
> The problem was found while debugging an XMPP s2s connection issue where two
> servers with long certificate keys (8192-bit RSA) failed to establish a secure
> connection because OpenSSL rejected the handshake.
>
> The attached two patches fix the following issues:
> 1. Remove the restriction on DSA/DHE parameters to allow for arbitrary size
> 2. Increase the maximum allowed size for transmitted (client/server) keys
> from 516 bytes (e.g. 4096-bit RSA) to 8200 bytes (e.g. 65536-bit RSA)
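The first diagnostic step for a failure like the one described above is to establish how large the peer's RSA key actually is. The following is an added example, not code from the bug report, from Debian or from OpenSSL: a stdlib-only Python reader for PKCS#1 `RSAPublicKey` structures (the `-----BEGIN RSA PUBLIC KEY-----` PEM form) that reports the modulus size in bits, so the check can be run offline on an exported key without depending on the OpenSSL build under suspicion. The 8192-bit sample value is a constructed integer of the right length, not a real RSA modulus; the byte limits quoted in the report are not modelled here, only the key size they are discussed in terms of.

```python
# Added example (not from the bug report, Debian or OpenSSL): stdlib-only
# encoder/decoder for PKCS#1 RSAPublicKey, used to report a key's modulus size.
import base64

PEM_HEADER = "-----BEGIN RSA PUBLIC KEY-----"
PEM_FOOTER = "-----END RSA PUBLIC KEY-----"


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value; the spare byte keeps the sign bit clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_rsa_public_key(n: int, e: int) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    content = _der_integer(n) + _der_integer(e)
    return b"\x30" + _der_length(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV element starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0 or count > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER structure")
    return tag, buf[pos:end], end


def decode_rsa_public_key(der: bytes):
    """Parse RSAPublicKey DER and return (n, e); rejects trailing or missing data."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, n_bytes, pos = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("modulus must be an INTEGER")
    tag, e_bytes, pos = _read_tlv(seq, pos)
    if tag != 0x02 or pos != len(seq):
        raise ValueError("exponent must be the final INTEGER")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def der_to_pem(der: bytes) -> str:
    """Wrap DER in the PKCS#1 PEM armour, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour lines and base64-decode the body."""
    body = [ln.strip() for ln in pem.splitlines()
            if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def modulus_bits(pem: str) -> int:
    """Size in bits of the RSA modulus carried in a PKCS#1 PEM public key."""
    n, _ = decode_rsa_public_key(pem_to_der(pem))
    return n.bit_length()


# Constructed sample: an 8192-bit integer shaped like a modulus (not a real
# RSA modulus) with the customary public exponent 65537.
SAMPLE_N = (1 << 8191) | 1
SAMPLE_E = 65537
SAMPLE_PEM = der_to_pem(encode_rsa_public_key(SAMPLE_N, SAMPLE_E))

if __name__ == "__main__":
    print("modulus bits:", modulus_bits(SAMPLE_PEM))  # 8192
```

Running the script prints the modulus size of the constructed sample; pointing `modulus_bits` at a real PKCS#1 public key exported from the failing peer gives the number to compare against the key sizes discussed in the report.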