QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-20 05:19:40 +00:00
Code Issues Projects Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson 72f1815391 Only allow ephemeral RSA keys in export ciphersuites. 
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c
2015-01-06 13:27:22 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
PR: 2529
2011-05-25 15:15:43 +00:00
d1_both.c
Remove some duplicate DTLS code.
2014-08-06 22:02:00 +01:00
d1_clnt.c
Fix DTLS anonymous EC(DH) denial of service
2014-08-06 22:02:00 +01:00
d1_enc.c
Update DTLS code to match CBC decoding in TLS.
2013-02-05 16:50:33 +00:00
d1_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
d1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
d1_pkt.c
DTLS message_sequence number wrong in rehandshake ServerHello
2013-08-13 19:00:59 +01:00
d1_srvr.c
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:27:22 +00:00
dtls1.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
install.com
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
2009-05-15 16:37:29 +00:00
kssl_lcl.h
To avoid commit wars over dependencies, let's make it so things that
2001-10-10 07:55:02 +00:00
kssl.c
Submitted by: Tomas Hoger <thoger@redhat.com>
2010-03-03 15:34:11 +00:00
kssl.h
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Makefile
RT3067: simplify patch
2014-09-24 16:01:46 +02:00
s2_clnt.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s2_enc.c
ensure that the EVP_CIPHER_CTX object is initialized
2007-02-16 20:40:07 +00:00
s2_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
s2_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s2_srvr.c
Assorted bugfixes:
2011-02-03 12:04:48 +00:00
s3_both.c
Add and use a constant-time memcmp.
2013-02-05 16:50:32 +00:00
s3_cbc.c
RT3066: rewrite RSA padding checks to be slightly more constant time.
2014-09-24 14:39:44 +02:00
s3_clnt.c
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:27:22 +00:00
s3_enc.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
s3_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
s3_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s3_pkt.c
RT3060: Limit the number of empty records.
2014-08-22 15:53:34 +02:00
s3_srvr.c
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:27:22 +00:00
s23_clnt.c
Fix no-ssl3 configuration option
2014-10-15 08:46:57 -04:00
s23_lib.c
Fix ECC SSLv2 exclusion on OpenSSL 0.9.8.
2014-07-07 13:00:07 +01:00
s23_meth.c
make "./configure no-ssl2" work again
2006-01-15 16:57:01 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Fix warning
2014-10-21 21:32:50 +02:00
ssl2.h
Implement msg_callback for SSL 2.0.
2001-11-10 01:16:28 +00:00
ssl3.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
2010-04-07 13:19:48 +00:00
ssl_asn1.c
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
ssl_cert.c
PR: 1731 and maybe 2197
2010-03-24 23:16:35 +00:00
ssl_ciph.c
Fix off-by-one errors in ssl_cipher_get_evp()
2014-06-22 23:26:33 +01:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
ssl_lib.c
When processing ClientHello.cipher_suites, don't ignore cipher suites
2014-10-21 22:33:03 +02:00
ssl_locl.h
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
2013-02-07 15:03:00 +00:00
ssl_rsa.c
PR: 1411
2009-09-12 23:09:59 +00:00
ssl_sess.c
PR: 2160
2010-02-01 16:48:40 +00:00
ssl_stat.c
Don't disable state strings with no-ssl2
2014-06-28 00:57:18 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Add strings for DTLS protocol versions
2010-01-16 19:02:43 +00:00
ssl-lib.com
Add t1_reneg to the VMS build.
2010-02-22 07:05:24 +00:00
ssl.h
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:27:22 +00:00
ssltest.c
Fix in ssltest is no-ssl2 configured
2013-02-11 18:27:33 +00:00
t1_clnt.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_enc.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:18:29 +02:00
t1_lib.c
Fix for session tickets memory leak.
2014-10-15 08:46:57 -04:00
t1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 23:03:40 +00:00
t1_srvr.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
tls1.h
Oops -- fix typo in coment added with TLS_FALLBACK_SCSV support.
2014-10-15 04:26:29 +02:00