OpenSSL users should upgrade immediately to eliminate a serious flaw that could be exploited to decrypt Web traffic, experts warn. The flaw centers on how OpenSSL uses the Diffie-Hellman algorithm for HTTPS connections. In some cases, the numbers generated by the algorithm may be “non-safe primes,” leaving them susceptible to an attacker. The fix arrived just two weeks after the flaw was first reported to OpenSSL – on Jan. 12 – by Adobe software engineer Antonio Sanso, who’s also vice president of the Apache Software Foundation.
Source: https://www.govinfosecurity.com/openssl-flaw-enables-https-decryption-a-8834
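
For operators auditing their own Diffie-Hellman parameters, the "non-safe prime" condition mentioned above can be checked directly: a prime p is safe when (p - 1) / 2 is also prime. The sketch below is an added example, not code from the article or from OpenSSL; the function names and the sample moduli are constructed for illustration.

```python
import random

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def classify_dh_modulus(p):
    """Return 'composite', 'safe prime' or 'prime, not safe' for a DH modulus."""
    if not is_probable_prime(p):
        return "composite"
    return "safe prime" if is_probable_prime((p - 1) // 2) else "prime, not safe"

def small_factors(n, bound=1000):
    """Distinct primes below `bound` that divide n (plain trial division)."""
    return [f for f in range(2, bound) if n % f == 0 and is_probable_prime(f)]

def audit(p, bound=1000):
    """Summarise a modulus; small factors of (p-1)/2 explain a 'not safe' verdict."""
    verdict = classify_dh_modulus(p)
    q = (p - 1) // 2
    factors = small_factors(q, bound) if verdict == "prime, not safe" else []
    return {"bits": p.bit_length(), "verdict": verdict, "small_factors_of_q": factors}

# Constructed sample moduli (far too small for real use): a safe prime,
# a prime that is not safe, and a composite.
SAMPLES = (23, 2**127 - 1, 2**128 - 1)
if __name__ == "__main__":
    for p in SAMPLES:
        print(audit(p))
```

A "prime, not safe" verdict does not by itself mean a parameter set is broken, only that it lacks the safe-prime structure and needs the additional validation that safe primes make unnecessary.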