Skip to content
Commit 4b4c1fcc authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Only allow ephemeral RSA keys in export ciphersuites.



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent 1cfd7cf3
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment