Skip to content
  1. Jan 28, 2016
    • Matt Caswell's avatar
      Always generate DH keys for ephemeral DH cipher suites · 8bc643ef
      Matt Caswell authored
      Modified version of the commit ffaef3f1
      
       in the master branch by Stephen
      Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
      generates a new DH key for every handshake regardless.
      
      This is a follow on from CVE-2016-0701. This branch is not impacted by
      that CVE because it does not support X9.42 style parameters. It is still
      possible to generate parameters based on primes that are not "safe",
      although by default OpenSSL does not do this. The documentation does
      sign post that using such parameters is unsafe if the private DH key is
      reused. However to avoid accidental problems or future attacks this commit
      has been backported to this branch.
      
      Issue reported by Antonio Sanso
      
      Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
      8bc643ef
  2. Jan 19, 2016
  3. Jan 17, 2016
  4. Jan 14, 2016
  5. Jan 10, 2016
  6. Jan 05, 2016
  7. Dec 28, 2015
  8. Dec 27, 2015
  9. Dec 22, 2015
  10. Dec 20, 2015
  11. Dec 19, 2015
  12. Dec 18, 2015
  13. Dec 16, 2015
  14. Dec 14, 2015
  15. Dec 10, 2015
  16. Dec 09, 2015
  17. Dec 08, 2015
  18. Dec 07, 2015
  19. Dec 03, 2015