[CONTROLLER-1353] [SECURITY] LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks CVE-2015-4000 Created: 03/Jun/15  Updated: 19/Oct/17  Resolved: 16/Jun/15

Status: Resolved
Project: controller
Component/s: karaf
Affects Version/s: Helium
Fix Version/s: None

Type: Bug
Reporter: David Jorm Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Issue Links:
Blocks
is blocked by CONTROLLER-1354 [SECURITY] LOGJAM: TLS connections wh... Resolved
External issue ID: 3551
Priority: Normal

 Description   

Various components of OpenDaylight are affected by the LOGJAM TLS downgrade vulnerability:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000

 Comments   
Comment by Colin Dixon [ 09/Jun/15 ]

See more information at BUG3552.

Comment by Maros Marsalek [ 15/Jun/15 ]

3552 cherry-picked for Helium:
https://git.opendaylight.org/gerrit/#/c/22619/

Generated at Wed Feb 07 19:55:19 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.