LogJam exploit can force TLS down to 512 bytes, does it affect us? ?
Royce Williams
royce at tycho.org
Thu May 21 14:32:15 UTC 2015
On Thu, May 21, 2015 at 6:21 AM, Mark Felder <feld at freebsd.org> wrote:
>
>
> On Wed, May 20, 2015, at 17:48, Xin Li wrote:
> ]>
> > Well, currently OpenSSL do accept weak DH so _arguably_ it does affect
> > FreeBSD, and it's likely to break existing applications if we enforce
> > such restrictions (namely, Java 6).
> >
>
> AFAIK, Java doesn't support >1024 DH key until Java 8.
According to the simulated handshakes in the Qualys SSL Labs test results,
Java 7 is OK with DH at 2048.
Royce
More information about the freebsd-ports
mailing list