Only allow ephemeral RSA keys in export ciphersuites. (72f18153) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 72f18153 authored Oct 23, 2014 by

Dr. Stephen Henson

Only allow ephemeral RSA keys in export ciphersuites.



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c

parent e42a2aba

Hide whitespace changes

Inline Side-by-side

Please register or to comment