AnsweredAssumed Answered

DH small sub-group attack

Question asked by Naveen Madav on Feb 22, 2016
Latest reply on Feb 26, 2016 by Naveen Madav

I understood from the description that whoever is using openssl version 1.0.2x before 1.0.2f are vulnerable. But I am having 1.0.2a installed in my server and we have DH/DHE cipher suites configured in it.


But still SSLLabs shows that our server is not vulnerable to this DH small sub-group attack.


DH public server param (Ys) reuse



My question is: Is this check really mean the status of this vulnerability - CVE 2016-0701?


If yes, could you please let me know how can I set up a server that is vulnerable and SSLLabs shows


DH public server param (Ys) reuse