OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)and Transport Layer Security (TLS v1) protocols, as well as afull-strength, general purpose cryptography library.A flaw was found in the way the TLS protocol composes the Diffie-Hellman(DH) key exchange. A man-in-the-middle attacker could use this flaw toforce the use of weak 512 bit export-grade keys during the key exchange,allowing them do decrypt all traffic. (CVE-2015-4000)Note: This update forces the TLS/SSL client implementation in OpenSSL toreject DH key sizes below 768 bits, which prevents sessions to bedowngraded to export-grade keys. Future updates may raise this limit to1024 bits.All openssl users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. For the update to takeeffect, all services linked to the OpenSSL library must be restarted, orthe system rebooted.