generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,736 Commits 16 Branches 258 Tags
ba442a7e1ba96d0b189bc627a2a750c928a42d13
Commit Graph

28 Commits

Author SHA1 Message Date
Dr. Stephen Henson
72f1815391 Only allow ephemeral RSA keys in export ciphersuites. 
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c
 2015-01-06 13:27:22 +00:00
Rich Salz
85dcce7c63 Merge branch 'rsalz-docfixes' 
(cherry picked from commit b5071dc2f6)

Conflicts:

	doc/apps/s_client.pod
	doc/apps/verify.pod
	doc/apps/x509v3_config.pod
	doc/crypto/ASN1_generate_nconf.pod
	doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
	doc/ssl/SSL_CONF_cmd.pod
	doc/ssl/SSL_CONF_cmd_argv.pod
	doc/ssl/SSL_CTX_set_cert_cb.pod
	doc/ssl/SSL_CTX_set_security_level.pod
 2014-07-03 12:35:40 -04:00
Rob Stradling
cadbbd51c8 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. 
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 2013-10-04 14:55:01 +01:00
Dr. Stephen Henson
7890b562bc fix for CVE-2010-4180 2010-12-02 18:49:28 +00:00
Dr. Stephen Henson
6ae9770d34 clarify documentation 2010-02-18 12:42:03 +00:00
Dr. Stephen Henson
442ac8d259 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
68be98d1a6 update references to new RI RFC 2010-02-12 22:02:07 +00:00
Dr. Stephen Henson
33d7b5ec07 reword RI description 2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72 update documentation to reflect new renegotiation options 2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
37aff2199e Typo 2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
7a8a3ef4f6 clarify docs 2009-12-09 18:17:21 +00:00
Dr. Stephen Henson
98c7b0367d Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 18:01:07 +00:00
Dr. Stephen Henson
29c0866b38 Update docs and NEWS file. 2007-08-23 22:53:57 +00:00
Dr. Stephen Henson
0214ea0dfe Update from HEAD. 2007-08-23 22:49:42 +00:00
Mark J. Cox
64932f9e4a Add fixes for CAN-2005-2969 
Bump release ready for OpenSSL_0_9_8a tag
 2005-10-11 10:16:21 +00:00
Dr. Stephen Henson
e27a259696 Doc fixes. 2005-03-22 17:55:33 +00:00
Richard Levitte
d177e6180d Spelling errors. 
PR: 538
 2003-03-20 11:41:59 +00:00
Lutz Jänicke
2edcb4ac71 Typos in links between manual pages 
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
 2002-07-10 19:35:54 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Lutz Jänicke
4db48ec0bd Documentation about ephemeral key exchange 2001-07-21 11:02:17 +00:00
Ulf Möller
52d160d85d ispell 2001-02-16 02:09:53 +00:00
Lutz Jänicke
1b65ce7db3 Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE. 2001-02-10 16:21:38 +00:00
Lutz Jänicke
7b9cb4a224 Manual page for SSL_CTX_set_options(). Unfortunately for some of the 
options someone much longer working with OpenSSL/SSLeay is needed.
 2001-02-10 16:18:35 +00:00