projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dd94c37) | patch
Don't fail the connection in SSLv3 if server selects ECDHE
authorMatt Caswell <matt@openssl.org>
Wed, 12 Apr 2017 16:02:42 +0000 (17:02 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 24 Apr 2017 15:15:40 +0000 (16:15 +0100)
commit8af91fd9d08487e0dffb6ccac5f42633c964f3f0
treea10e449c9918e9264f91d93e25f597ebbcaf37b5tree | snapshot
parentdd94c37a5c2f783102b125c620000b9719c662d3commit | diff
Don't fail the connection in SSLv3 if server selects ECDHE

ECDHE is not properly defined for SSLv3. Commit fe55c4a2 prevented ECDHE
from being selected in that protocol. However, historically, servers do
still select ECDHE anyway so that commit causes interoperability problems.
Clients that previously worked when talking to an SSLv3 server could now
fail.

This commit introduces an exception which enables a client to continue in
SSLv3 if the server selected ECDHE.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3204)
ssl/ssl_lib.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
ssl/statem/statem_clnt.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.