openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	72f1815391	Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ssl/d1_srvr.c ssl/s3_srvr.c	2015-01-06 13:27:22 +00:00
Rich Salz	85dcce7c63	Merge branch 'rsalz-docfixes' (cherry picked from commit b5071dc2f67d7667ab3cbbe50a30342f999b896a) Conflicts: doc/apps/s_client.pod doc/apps/verify.pod doc/apps/x509v3_config.pod doc/crypto/ASN1_generate_nconf.pod doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod doc/ssl/SSL_CONF_cmd.pod doc/ssl/SSL_CONF_cmd_argv.pod doc/ssl/SSL_CTX_set_cert_cb.pod doc/ssl/SSL_CTX_set_security_level.pod	2014-07-03 12:35:40 -04:00
Rob Stradling	cadbbd51c8	Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.	2013-10-04 14:55:01 +01:00
Dr. Stephen Henson	7890b562bc	fix for CVE-2010-4180	2010-12-02 18:49:28 +00:00
Dr. Stephen Henson	6ae9770d34	clarify documentation	2010-02-18 12:42:03 +00:00
Dr. Stephen Henson	442ac8d259	Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.	2010-02-17 18:37:47 +00:00
Dr. Stephen Henson	68be98d1a6	update references to new RI RFC	2010-02-12 22:02:07 +00:00
Dr. Stephen Henson	33d7b5ec07	reword RI description	2010-01-27 18:53:59 +00:00
Dr. Stephen Henson	4b38f35e72	update documentation to reflect new renegotiation options	2010-01-27 17:50:47 +00:00
Dr. Stephen Henson	37aff2199e	Typo	2010-01-05 17:50:12 +00:00
Dr. Stephen Henson	7a8a3ef4f6	clarify docs	2009-12-09 18:17:21 +00:00
Dr. Stephen Henson	98c7b0367d	Document option clearning functions. Initial secure renegotiation documentation.	2009-12-09 18:01:07 +00:00
Dr. Stephen Henson	29c0866b38	Update docs and NEWS file.	2007-08-23 22:53:57 +00:00
Dr. Stephen Henson	0214ea0dfe	Update from HEAD.	2007-08-23 22:49:42 +00:00
Mark J. Cox	64932f9e4a	Add fixes for CAN-2005-2969 Bump release ready for OpenSSL_0_9_8a tag	2005-10-11 10:16:21 +00:00
Dr. Stephen Henson	e27a259696	Doc fixes.	2005-03-22 17:55:33 +00:00
Richard Levitte	d177e6180d	Spelling errors. PR: 538	2003-03-20 11:41:59 +00:00
Lutz Jänicke	2edcb4ac71	Typos in links between manual pages Submitted by: Richard.Koenning@fujitsu-siemens.com Reviewed by: PR: 129	2002-07-10 19:35:54 +00:00
Bodo Möller	c21506ba02	New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC vulnerability workaround (included in SSL_OP_ALL). PR: #90	2002-06-14 12:21:11 +00:00
Bodo Möller	51008ffce1	document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	2001-10-17 11:56:26 +00:00
Ulf Möller	3b80e3aa9e	ispell	2001-09-07 06:13:40 +00:00
Ulf Möller	f2ab7d1392	typo.	2001-08-22 18:35:17 +00:00
Lutz Jänicke	06da6e4977	Don't disable rollback attack detection as a recommended bug workaround.	2001-08-03 08:45:13 +00:00
Lutz Jänicke	37f599bcec	Reworked manual pages with a lot of input from Bodo Moeller.	2001-07-31 15:04:50 +00:00
Lutz Jänicke	4db48ec0bd	Documentation about ephemeral key exchange	2001-07-21 11:02:17 +00:00
Ulf Möller	52d160d85d	ispell	2001-02-16 02:09:53 +00:00
Lutz Jänicke	1b65ce7db3	Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE.	2001-02-10 16:21:38 +00:00
Lutz Jänicke	7b9cb4a224	Manual page for SSL_CTX_set_options(). Unfortunately for some of the options someone much longer working with OpenSSL/SSLeay is needed.	2001-02-10 16:18:35 +00:00

28 Commits