Only allow ephemeral RSA keys in export ciphersuites. (37580f43) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 37580f43 authored Oct 23, 2014 by

Dr. Stephen Henson

Only allow ephemeral RSA keys in export ciphersuites.



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc)

Conflicts:
	doc/ssl/SSL_CTX_set_options.pod

parent ef28c6d6

Hide whitespace changes

Inline Side-by-side

Please register or to comment