This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
OpenSSL project reports :
- Historically OpenSSL only ever generated DH parameters based on
'safe' primes. More recently (in version 1.0.2) support was provided
for generating X9.42 style parameter files such as those required for
RFC 5114 support. The primes used in such files may not be 'safe'.
Where an application is using DH configured with parameters based on
primes that are not 'safe' then an attacker could use this fact to
find a peer's private DH exponent. This attack requires that the
attacker complete multiple handshakes in which the peer uses the same
private DH exponent. For example this could be used to discover a TLS
server's private DH exponent if it's reusing the private DH exponent
or it's using a static DH ciphersuite. OpenSSL provides the option
SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by
default. If the option is not set then the server reuses the same
private DH exponent for the life of the server process and would be
vulnerable to this attack. It is believed that many popular
applications do set this option and would therefore not be at risk.
- A malicious client can negotiate SSLv2 ciphers that have been
disabled on the server and complete SSLv2 handshakes even if all SSLv2
ciphers have been disabled, provided that the SSLv2 protocol was not
also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197)
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3