Fix DHE Null CKE vulnerability (d3cc5e61) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit d3cc5e61 authored Mar 10, 2015 by

Matt Caswell

Fix DHE Null CKE vulnerability



If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent 34e3edbf

Hide whitespace changes

Inline Side-by-side

Please register or to comment