Skip to content
Commit 37580f43 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Only allow ephemeral RSA keys in export ciphersuites.



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarTim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc)

Conflicts:
	doc/ssl/SSL_CTX_set_options.pod
parent ef28c6d6
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment