git.openssl.org Git - openssl.git/commit

author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 23 Oct 2014 16:09:57 +0000 (17:09 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 6 Jan 2015 12:45:10 +0000 (12:45 +0000)
commit	4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6
tree	fa6353c22986ad01b6e62d1a460d9edd5628e1c1	tree \| snapshot
parent	1cfd7cf3ccd86566845b416fd87167536cc8cd90	commit \| diff

Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

CHANGES		diff \| blob \| history
doc/ssl/SSL_CTX_set_options.pod		diff \| blob \| history
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod		diff \| blob \| history
ssl/d1_srvr.c		diff \| blob \| history
ssl/s3_clnt.c		diff \| blob \| history
ssl/s3_srvr.c		diff \| blob \| history
ssl/ssl.h		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom