generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
09ccb58518
openssl/doc
History
Matt Caswell 8bc643efc8 Always generate DH keys for ephemeral DH cipher suites 
Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.

This is a follow on from CVE-2016-0701. This branch is not impacted by
that CVE because it does not support X9.42 style parameters. It is still
possible to generate parameters based on primes that are not "safe",
although by default OpenSSL does not do this. The documentation does
sign post that using such parameters is unsafe if the private DH key is
reused. However to avoid accidental problems or future attacks this commit
has been backported to this branch.

Issue reported by Antonio Sanso

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 10:27:55 +00:00
..
apps File is about s_time, not s_client 2016-01-10 13:14:52 +01:00
crypto Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work 2015-12-19 22:10:32 +01:00
HOWTO Improves certificates HOWTO 2014-12-22 16:26:12 +01:00
ssl Always generate DH keys for ephemeral DH cipher suites 2016-01-28 10:27:55 +00:00
c-indentation.el Make sure to set indent-tabs-mode so that we get tabs, not spaces. 2008-02-21 07:24:12 +00:00
dir-locals.example.el Remove auto-fill-mode 2015-08-31 18:21:04 +02:00
fingerprints.txt Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date 2014-07-15 23:24:26 +01:00
openssl_button.gif Added the new `Includes OpenSSL Cryptography Software' button as 1999-03-04 12:55:42 +00:00
openssl_button.html Added the new `Includes OpenSSL Cryptography Software' button as 1999-03-04 12:55:42 +00:00
openssl-c-indent.el Add an example .dir-locals.el 2015-08-31 18:21:04 +02:00
openssl-shared.txt Add documentation on how to handle the shared libaries. 2003-01-10 16:14:32 +00:00
openssl.txt fix typos 2006-02-15 19:42:22 +00:00
README Add a new file where all the standards and other documents that we try 2000-05-18 21:22:50 +00:00
ssleay.txt PR: 1894 2009-04-16 17:22:51 +00:00
standards.txt Add SEED encryption algorithm. 2007-04-23 23:48:59 +00:00

README 

 apps/openssl.pod .... Documentation of OpenSSL `openssl' command
 crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
 ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
 openssl.txt ......... Assembled documentation files for OpenSSL [not final]
 ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
 standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
                       that are related to OpenSSL.

 An archive of HTML documents for the SSLeay library is available from
 http://www.columbia.edu/~ariel/ssleay/