Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
kingkilr
on Jan 28, 2016
|
parent
|
context
|
favorite
| on:
OpenSSL Key Recovery Attack on DH small subgroups ...
Super happy that the OpenSSL team decided to be proactive and just enable `SSL_OP_SINGLE_DH_USE` for all users, as well as bump the minimum DH key size. Better defaults for everyone!
DannyBee
on Jan 28, 2016
|
next
[–]
Yeah, and it looks like BoringSSL did that about a year ago :)
https://boringssl.googlesource.com/boringssl/+/9f226a5f5183e...
kingkilr
on Jan 28, 2016
|
parent
|
next
[–]
David's the best :-)
hannob
on Jan 28, 2016
|
prev
|
next
[–]
Interesting that the corresponding ECDH option is still disabled by default and ephemeral keys are cached.
unscaled
on Jan 28, 2016
|
prev
[–]
It's about time they did. I always wondered why this was disabled by default.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: