Date: Fri, 11 Mar 2016 17:56:34 +0100 From: Hanno Böck <hanno@...eck.de> To: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters On Fri, 11 Mar 2016 11:49:48 -0500 (EST) cve-assign@...re.org wrote: > > The release notes are confusing, as they mention only problems > > with keys smaller than 2048 bit, but I was also able to reproduce > > this issue with 4096 bit keys. > >  http://proftpd.org/docs/RELEASE_NOTES-1.3.5b > > We are not sure why this would be confusing. Yes, I also noted now that this refers to an unrelated issue. The DH issue was not mentioned in the release notes at first, now the author has changed that. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.