projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ef28c6d) | patch
Only allow ephemeral RSA keys in export ciphersuites.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 23 Oct 2014 16:09:57 +0000 (17:09 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 6 Jan 2015 13:14:05 +0000 (13:14 +0000)
commit37580f43b5a39f5f4e920d17273fab9713d3a744
tree3fe0ba2545a37f4636eadd5c135258b0190b24a4tree | snapshot
parentef28c6d6767a6a30df5add36171894c96628fe98commit | diff
Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)

Conflicts:
doc/ssl/SSL_CTX_set_options.pod
CHANGES diff | blob | history
doc/ssl/SSL_CTX_set_options.pod diff | blob | history
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod diff | blob | history
ssl/d1_srvr.c diff | blob | history
ssl/s3_clnt.c diff | blob | history
ssl/s3_srvr.c diff | blob | history
ssl/ssl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.