Security researchers have disclosed a new man-in-the-middle attack, tracked as CVE-2016-2107. When a client negotiates an AES128-CBC or AES256-CBC cipher suite with a server whose OpenSSL uses AES-NI, an attacker who can intercept the traffic between client and server can decrypt it by manipulating the padding of ciphertext blocks (a padding oracle), and can then hijack the connection as a man-in-the-middle.
Note: Create a snapshot of the server before fixing the vulnerability so that you can roll back if the fix fails.
Identify the service listening on port 443, then update the OpenSSL that this program actually depends on (which is not necessarily the OpenSSL shipped with the system).
- We recommend that you update your OpenSSL to the latest version.
- OpenSSL 1.0.2 must be upgraded to 1.0.2h or later.
- OpenSSL 1.0.1 must be upgraded to 1.0.1t or later.
- OpenSSL 1.0.0 or earlier must be upgraded to 1.0.1t or later.
After the update, restart the service listening on port 443: a running process keeps the old library mapped in memory until it is restarted, so the fix does not take effect before then.
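The check described above, as an added example that is not part of the original advisory: it compares an OpenSSL version string against the fix levels listed (1.0.2h, 1.0.1t), and lists the processes listening on port 443 together with the libssl each one has actually mapped, so a bundled OpenSSL is not overlooked. It assumes Linux with /proc and `ss` from iproute2, root privileges to see every process, and treats releases newer than 1.0.2 (1.1.0 and later) as fixed.

```shell
#!/bin/sh
# Added example, not part of the original advisory: version check against the
# CVE-2016-2107 fix levels, plus a listing of port-443 listeners and their
# mapped libssl. Assumes Linux with /proc and `ss` (iproute2); run as root to
# see every process; 1.1.0 and later are treated as fixed (assumption).

# Map a release letter ("" < "a" < "b" < ...) to a number for comparison.
letter_ord() {
  if [ -z "$1" ]; then echo 0; else printf '%d' "'$1"; fi
}

# openssl_fixed VERSION -> exit 0 if VERSION is at or above the fixed release
# named in the advisory, 1 if it must be upgraded (1.0.2g -> 1, 1.0.2h -> 0).
openssl_fixed() {
  maj=${1%%.*}; rest=${1#*.}
  min=${rest%%.*}; patch=${rest#*.}
  [ "$patch" = "$rest" ] && patch=0        # no third component, e.g. "1.1"
  num=${patch%%[!0-9]*}                    # "2g" -> "2"
  letter=${patch#"$num"}                   # "2g" -> "g"
  case "$maj.$min" in
    1.0)
      case "$num" in
        2) [ "$(letter_ord "$letter")" -ge "$(letter_ord h)" ] ;;  # >= 1.0.2h
        1) [ "$(letter_ord "$letter")" -ge "$(letter_ord t)" ] ;;  # >= 1.0.1t
        *) return 1 ;;                     # 1.0.0: must move to 1.0.1t or later
      esac ;;
    0.*) return 1 ;;                       # 0.9.8 and earlier: must upgrade
    *) return 0 ;;                         # 1.1.0 and later (assumption above)
  esac
}

# Print each PID listening on TCP 443 with its command line and mapped libssl.
list_443_services() {
  ss -ltnp 2>/dev/null | awk '$4 ~ /:443$/' | grep -o 'pid=[0-9]*' | cut -d= -f2 |
  sort -u | while read -r pid; do
    lib=$(grep -o '/[^ ]*libssl[^ ]*' "/proc/$pid/maps" 2>/dev/null | sort -u | tr '\n' ' ')
    echo "pid=$pid cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline") libssl=${lib:-unknown}"
  done
}

# openssl_check.sh [VERSION]: defaults to the system `openssl version`.
main() {
  ver=${1:-$(openssl version 2>/dev/null | awk '{print $2}')}
  [ -n "$ver" ] || { echo "cannot determine OpenSSL version"; return 2; }
  if openssl_fixed "$ver"; then echo "OpenSSL $ver: at or above the fix level"
  else echo "OpenSSL $ver: vulnerable to CVE-2016-2107, upgrade and restart"; fi
  list_443_services
}
[ "${0##*/}" = openssl_check.sh ] && main "$@"
```

Save it as openssl_check.sh and run it with no argument to test the system OpenSSL, or pass the version string reported by the bundled library a listed process maps.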