About the OpenSSL encryption algorithm cracking vulnerability

Source: Internet
Author: User

1. Vulnerability overview

OpenSSL is a widely used open-source cryptographic library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It supports many cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms.

OpenSSL contains a vulnerability that allows its encryption to be cracked, but exploiting it requires the following conditions: the OpenSSL version is 1.0.2 through 1.0.2e, and the temporary key generated by the signing algorithm of an application that relies on OpenSSL must be based on the Diffie-Hellman key exchange algorithm. By default, the server reuses the same temporary key, which makes the server vulnerable to key coverage attacks. When these conditions are met, the attacker can send a large number of handshake requests to the server. Once enough computation data has been accumulated, the attacker can obtain partial key values and finally derive the decryption key by combining the results with the Chinese remainder theorem.

The National Information Security Vulnerability Sharing Platform (CNVD) gave the vulnerability an overall rating of "high risk."

2. Scope of impact

The vulnerability affects OpenSSL versions 1.0.2 through 1.0.2e. Because OpenSSL is widely used by large Internet enterprises on servers of many kinds, such as web sites, VPN, mail, and instant chat, the vulnerability threatens a wide range of service providers and users, and its impact is serious.

3. Remediation advice

The vendor has released version 1.0.2f to fix the vulnerability. Affected users are advised to download and deploy it promptly to avoid network security incidents related to this vulnerability.

https://www.openssl.org/source/

Commands for querying the OpenSSL version:

# openssl version

# openssl version -a
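The version check above can be automated. The following is an added example, not part of the original article: it classifies a line of `openssl version` output against the affected range given on this page (1.0.2 through 1.0.2e, fixed in 1.0.2f). The function name `openssl_ver_status`, its result labels, and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# openssl_ver_status "<line printed by 'openssl version'>"
# Prints one of: affected | fixed | not-in-range | unknown
# The function name and the result labels are hypothetical.
openssl_ver_status() (
    LC_ALL=C   # byte-wise bracket ranges; the subshell body keeps this local
    # Field 2 is the version, e.g. "OpenSSL 1.0.2e-fips  3 Dec 2015"
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        # Not OpenSSL output, or a pre-release build the page's range
        # does not speak to: report it for manual review.
        ''|*-beta*|*-pre*|*-dev*) echo unknown; exit 0 ;;
    esac
    ver=${ver%%-*}   # drop build suffixes such as "-fips" or "-1ubuntu4"
    case "$ver" in
        1.0.2|1.0.2[a-e]) echo affected ;;      # range stated on this page
        1.0.2[f-z]*)      echo fixed ;;         # 1.0.2f and later letters
        *)                echo not-in-range ;;  # other release branches
    esac
)

# Constructed sample lines in the format `openssl version` prints.
for line in 'OpenSSL 1.0.2e 3 Dec 2015' 'OpenSSL 1.0.2f 28 Jan 2016'; do
    printf '%s -> %s\n' "$line" "$(openssl_ver_status "$line")"
done

# Classify the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    printf 'local: %s\n' "$(openssl_ver_status "$(openssl version)")"
fi
```

Distribution packages may carry backported fixes without changing the version letter, so for vendor builds confirm an "affected" result against the vendor's own advisory.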
