At least a 1024 bit prime should be used as the default. Generating a file with the parameters at installation time might not be feasible, but it would prevent any appearance of choosing a special prime that makes the discrete logarithm problem feasible.
Upstream fix:

commit 281d1bd6515c2f0f8984fc168fb3d3b91c20bdc0
Author: Gerhard Rieger <gerhard>
Date: Sun Jan 4 16:38:36 2015 +0100

FIPS requires 1024 bit DH prime
(In reply to Florian Weimer from comment #4)
> Upstream fix:
>
> commit 281d1bd6515c2f0f8984fc168fb3d3b91c20bdc0
> Author: Gerhard Rieger <gerhard>
> Date: Sun Jan 4 16:38:36 2015 +0100
>
> FIPS requires 1024 bit DH prime

This upstream fix:

http://repo.or.cz/socat.git/commitdiff/281d1bd6515c2f0f8984fc168fb3d3b91c20bdc0

was found to be problematic - see CVE-2016-2217 / bug 1305437, and replaced with:

http://repo.or.cz/socat.git/commitdiff/eab3c89f2dc0df0d9638941891e8ab233dfb0611
This fix is in 1.7.3.1 as well.
Any update, why don't we upgrade socat?
+1 for this, socat also has issues when used in a MariaDB Galera cluster with SSL/TLS SST - https://jira.mariadb.org/browse/MDEV-9403

Please rebase socat to the latest stable 1.7.3.1 version.
I needed it for additional fun with MariaDB, so I've rebuilt the package with COPR: https://copr.fedorainfracloud.org/coprs/mstefany/socat/
This bug is addressed by ERRATA RHBA-2017:2049-03 socat bug fix update https://errata.devel.redhat.com/advisory/26967