Always generate DH keys for ephemeral DH cipher suites
author Matt Caswell <matt@openssl.org>
Thu, 17 Dec 2015 02:57:20 +0000 (02:57 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 28 Jan 2016 13:49:56 +0000 (13:49 +0000)
commit c5b831f21d0d29d1e517d139d9d101763f60c9a2
tree 2aebad0d6d8665b8ea93cce5571d659ba7ff882e
parent 878e2c5b13010329c203f309ed0c8f2113f85648
Always generate DH keys for ephemeral DH cipher suites

Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.

CVE-2016-0701 (fix part 2 of 2)

Issue reported by Antonio Sanso

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl.h