diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-23 17:09:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 13:27:22 +0000 |
commit | 72f181539118828ca966a0f8d03f6428e2bcf0d6 (patch) | |
tree | 634e6010fe0142661f0002fe6e9af57f874165c2 /.cvsignore | |
parent | e42a2abadc90664e2615dc63ba7f79cf163f780a (diff) |
Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)
Conflicts:
CHANGES
doc/ssl/SSL_CTX_set_options.pod
ssl/d1_srvr.c
ssl/s3_srvr.c
Diffstat (limited to '.cvsignore')
0 files changed, 0 insertions, 0 deletions