Avoid KCI attack for GOST
author: Dmitry Belyavsky <beldmit@gmail.com>
Mon, 19 Sep 2016 15:05:53 +0000 (16:05 +0100)
committer: Matt Caswell <matt@openssl.org>
Wed, 21 Sep 2016 23:25:58 +0000 (00:25 +0100)
commit: ab650f07a0dabc01a4410f8f702c3cea7932da62
tree: 4ce37242a0ab9cdd2e3bd19979d534ddbc34a0d7
parent: 2c0d295e26306e15a92eb23a84a1802005c1c137
Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c