openssl - Mirror of https://github.com/openssl/openssl

diff options

author	Dr. Stephen Henson <steve@openssl.org>	2014-10-23 17:09:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-01-06 13:27:22 +0000
commit	72f181539118828ca966a0f8d03f6428e2bcf0d6 (patch)
tree	634e6010fe0142661f0002fe6e9af57f874165c2 /bugs
parent	e42a2abadc90664e2615dc63ba7f79cf163f780a (diff)

Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ssl/d1_srvr.c ssl/s3_srvr.c

Diffstat (limited to 'bugs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: