diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-02-17 21:07:48 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-03-01 11:20:10 +0000 |
commit | 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 (patch) | |
tree | f29b72c28bb200a7790e3b5de278b6e49c779570 /CHANGES | |
parent | c175308407858afff3fc8c2e5e085d94d12edc7d (diff) |
Disable SSLv2 default build, default negotiation and weak ciphers.
SSLv2 is by default disabled at build-time. Builds that are not
configured with "enable-ssl2" will not support SSLv2. Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed. Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
Mitigation for CVE-2016-0800
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -4,6 +4,23 @@ Changes between 1.0.2f and 1.0.2g [xx XXX xxxx] + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + [Viktor Dukhovni] + *) Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. |