-
Dr. Stephen Henson authored
OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by:Matt Caswell <matt@openssl.org>
ce325c60
To find the state of this project's repository at the time of any of these versions, check out the tags.