Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-10-23 17:09:57 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-01-06 02:06:39 +0000
commit: ce325c60c74b0fa784f5872404b722e120e5cab0 (patch)
tree: de2733f383b8000876ea6bfcebd82c8e27086112 /CHANGES
parent: b15f8769644b00ef7283521593360b7b2135cb63 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0252eb5706..c9c19c3ae3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -666,6 +666,14 @@
      (CVE-2014-3572)
      [Steve Henson]
 
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan for reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
   *) Ensure that the session ID context of an SSL is updated when its
      SSL_CTX is updated via SSL_set_SSL_CTX.
author	Dr. Stephen Henson <steve@openssl.org>	2014-10-23 17:09:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-01-06 02:06:39 +0000
commit	ce325c60c74b0fa784f5872404b722e120e5cab0 (patch)
tree	de2733f383b8000876ea6bfcebd82c8e27086112 /CHANGES
parent	b15f8769644b00ef7283521593360b7b2135cb63 (diff)