OpenSSL users should upgrade immediately to eliminate a serious security flaw that could be exploited. The flaw centers on how OpenSSL uses the Diffie-Hellman algorithm for HTTPS connections. In some cases, the numbers generated by the algorithm may be “non-safe primes,” leaving them susceptible to an attacker. The fix arrived just two weeks after the flaw was first reported to OpenSSL by Adobe software engineer Antonio Sanso. The OpenSSL project says it doesn’t believe the flaw is widespread, owing to many users employing an OpenSSL option.”]
Source: https://www.careersinfosecurity.com/openssl-flaw-enables-https-decryption-a-8834