Wind River Support Network

Fixed

LIN7-3875 : Security Advisory - openssl & openssh - CVE-2015-4000

Created: May 26, 2015    Updated: Sep 8, 2018
Resolved Date: May 29, 2015
Previous ID: LIN4-32642
Found In Version: 7.0.0.3
Fix Version: 7.0.0.6
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

A new security vulnerability called Logjam targets Diffie–Hellman.
It allows a man-in-the-middle network attacker to downgrade a TLS
connection to export-grade cryptography, which lets the attacker read the
exchanged data and inject data into the connection:

http://en.wikipedia.org/wiki/Logjam_%28computer_security%29
https://weakdh.org/
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

We recently scanned our products. All our releases are affected, and
several user-space packages need to be modified. For some packages,
such as openssl and openssh, a series of patches needs to be integrated
into the source. Below is the list of related packages:

Openssl
Openssh
Apache
Nginx
Lighttpd
Postfix
Dovecot


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
