packages/openssl.txt


1
2
3
4
5
6
7

NOTE: CVE-2015-4000 is not completely fixed.  We need to raise the
minimum DH key length to 1024, but shouldn't do this while many
servers still use 768 bits.  To set up a server to test against,
edit ssl_dh_GetTmpParam() in apache2's modules/ssl/ssl_engine_dh.c
to always return a short key.

Drop this file once this has been done in all supported releases.