Hi, On Thu, May 21, 2015 at 03:58:05PM +0200, Jan Just Keijser wrote: > On 21/05/15 15:11, Kapetanakis Giannis wrote: > > Just a heads up on this new attack > > https://weakdh.org/ > > the short gist of this attack is: upgrade your DH param file to 2048 > bits or more otherwise you're vulnerable :)
"might be vulnerable". As long as every installation actually has
their *own* DH file (instead of copying around the same file everywhere,
generate a new one with "openssl dhparam -out <filename> <bitsize>"),
things are not as bad.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp3UJGSTBbSL.pgp
Description: PGP signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
