Vulnerability in OpenSSL (CVE-2015-0204)

2015-01-06T00:00:00
ID OPENSSL:CVE-2015-0204
Type openssl
Reporter OpenSSL
Modified 2015-01-06T00:00:00

Description

An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.