Skip to content
  1. Jan 22, 2015
  2. Jan 15, 2015
  3. Jan 13, 2015
  4. Jan 09, 2015
  5. Jan 08, 2015
  6. Jan 07, 2015
  7. Jan 06, 2015
  8. Jan 05, 2015
    • Dr. Stephen Henson's avatar
      ECDH downgrade bug fix. · e42a2aba
      Dr. Stephen Henson authored
      
      
      Fix bug where an OpenSSL client would accept a handshake using an
      ephemeral ECDH ciphersuites with the server key exchange message omitted.
      
      Thanks to Karthikeyan Bhargavan for reporting this issue.
      
      CVE-2014-3572
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      
      (cherry picked from commit b15f8769)
      
      Conflicts:
      	CHANGES
      	ssl/s3_clnt.c
      e42a2aba