Skip to content
Commit b19d8143 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix DHE Null CKE vulnerability



If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 76343947
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment