Skip to content
Commit d3cc5e61 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix DHE Null CKE vulnerability 



If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 34e3edbf
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment