Only allow ephemeral RSA keys in export ciphersuites. (ce325c60) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit ce325c60 authored Oct 23, 2014 by

Dr. Stephen Henson

Only allow ephemeral RSA keys in export ciphersuites.



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>

parent b15f8769

Hide whitespace changes

Inline Side-by-side

Please register or to comment