projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b15f876) | patch
Only allow ephemeral RSA keys in export ciphersuites.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 23 Oct 2014 16:09:57 +0000 (17:09 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 6 Jan 2015 02:06:39 +0000 (02:06 +0000)
commitce325c60c74b0fa784f5872404b722e120e5cab0
treede2733f383b8000876ea6bfcebd82c8e27086112tree | snapshot
parentb15f8769644b00ef7283521593360b7b2135cb63commit | diff
Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
CHANGES diff | blob | history
doc/ssl/SSL_CTX_set_options.pod diff | blob | history
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod diff | blob | history
ssl/d1_srvr.c diff | blob | history
ssl/s3_clnt.c diff | blob | history
ssl/s3_srvr.c diff | blob | history
ssl/ssl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.