Описание
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even wh...
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.5+ only |
| esm-apps/bionic | not-affected | 3.5+ only |
| esm-apps/xenial | not-affected | 3.5+ only |
| esm-infra/focal | not-affected | 3.5+ only |
| jammy | not-affected | 3.5+ only |
| noble | not-affected | 3.5+ only |
| questing | not-affected | 3.5+ only |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system openssl |
| esm-apps/bionic | not-affected | 3.5+ only |
| esm-apps/focal | not-affected | uses system openssl |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | uses system openssl |
| esm-apps/xenial | not-affected | 3.5+ only |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| jammy | needed | |
| noble | not-affected | uses system openssl |
| questing | not-affected | uses system openssl |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra-legacy/trusty | not-affected | 3.5+ only |
| esm-infra/bionic | not-affected | 3.5+ only |
| esm-infra/focal | not-affected | 3.5+ only |
| esm-infra/xenial | not-affected | 3.5+ only |
| fips-preview/jammy | not-affected | 3.5+ only |
| fips-updates/bionic | not-affected | 3.5+ only |
| fips-updates/focal | not-affected | 3.5+ only |
| fips-updates/jammy | not-affected | 3.5+ only |
| fips-updates/xenial | not-affected | 3.5+ only |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| fips-preview/jammy | not-affected | 3.5+ only |
| fips-updates/jammy | not-affected | 3.5+ only |
| fips-updates/noble | not-affected | 3.5+ only |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | not-affected | 3.5+ only |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even whe
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the exp ...
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even ...
EPSS
7.5 High
CVSS3