diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-23 17:09:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 02:06:39 +0000 |
commit | ce325c60c74b0fa784f5872404b722e120e5cab0 (patch) | |
tree | de2733f383b8000876ea6bfcebd82c8e27086112 /CHANGES | |
parent | b15f8769644b00ef7283521593360b7b2135cb63 (diff) |
Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -666,6 +666,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. |