generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/doc/ssl
History
Dr. Stephen Henson 4b4c1fcc88 Only allow ephemeral RSA keys in export ciphersuites. 
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 12:45:10 +00:00
..
d2i_SSL_SESSION.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_accept.pod
Remove MS SGC
2015-01-02 23:01:38 +00:00
SSL_alert_type_string.pod
PR: 1794
2011-11-13 13:13:14 +00:00
SSL_CIPHER_get_name.pod
Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH
2014-11-10 10:58:49 +01:00
SSL_clear.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_COMP_add_compression_method.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_CONF_cmd_argv.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CONF_cmd.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CONF_CTX_new.pod
Update SSL_CONF docs.
2013-02-26 15:29:49 +00:00
SSL_CONF_CTX_set1_prefix.pod
Update SSL_CONF docs.
2013-02-26 15:29:49 +00:00
SSL_CONF_CTX_set_flags.pod
Extend SSL_CONF
2013-11-02 13:41:19 +00:00
SSL_CONF_CTX_set_ssl_ctx.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_connect.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_CTX_add1_chain_cert.pod
Fixed various pod errors
2014-05-01 00:07:28 +01:00
SSL_CTX_add_extra_chain_cert.pod
Clarify docs.
2014-06-27 16:39:39 +01:00
SSL_CTX_add_session.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CTX_ctrl.pod
New functions SSL[_CTX]_set_msg_callback().
2001-10-20 17:56:36 +00:00
SSL_CTX_flush_sessions.pod
Documenting session caching, 2nd step.
2001-02-04 18:05:27 +00:00
SSL_CTX_free.pod
Add warning about unwanted side effect when calling SSL_CTX_free():
2003-03-27 22:04:05 +00:00
SSL_CTX_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_get_verify_mode.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_load_verify_locations.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_CTX_new.pod
Clarify protocols supported.
2014-06-29 00:07:07 +01:00
SSL_CTX_sess_number.pod
ispell
2001-02-16 02:09:53 +00:00
SSL_CTX_sess_set_cache_size.pod
RT468: SSL_CTX_sess_set_cache_size wrong
2014-09-08 11:26:19 -04:00
SSL_CTX_sess_set_get_cb.pod
Add warning about unwanted side effect when calling SSL_CTX_free():
2003-03-27 22:04:05 +00:00
SSL_CTX_sessions.pod
ispell
2001-02-16 02:09:53 +00:00
SSL_CTX_set1_curves.pod
Clarify the return values for SSL_get_shared_curve.
2014-12-05 18:31:57 +01:00
SSL_CTX_set1_verify_cert_store.pod
Fixed various pod errors
2014-05-01 00:07:28 +01:00
SSL_CTX_set_cert_cb.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CTX_set_cert_store.pod
Add documentation.
2013-08-18 13:53:32 +01:00
SSL_CTX_set_cert_verify_callback.pod
Add 'void *' argument to app_verify_callback.
2002-02-28 10:52:56 +00:00
SSL_CTX_set_cipher_list.pod
Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH
2014-11-10 10:58:49 +01:00
SSL_CTX_set_client_CA_list.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CTX_set_client_cert_cb.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CTX_set_custom_cli_ext.pod
Custom extension documentation.
2014-08-28 18:10:21 +01:00
SSL_CTX_set_default_passwd_cb.pod
Clarify! (based on recent mailing-list discussions)
2001-07-11 15:10:28 +00:00
SSL_CTX_set_generate_session_id.pod
Describe new callback for session id generation.
2001-02-23 21:38:42 +00:00
SSL_CTX_set_info_callback.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_set_max_cert_list.pod
Make maximum certifcate chain size accepted from the peer application
2001-09-11 13:08:51 +00:00
SSL_CTX_set_mode.pod
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
2014-10-21 22:39:26 +02:00
SSL_CTX_set_msg_callback.pod
Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg
2014-05-25 23:47:32 +01:00
SSL_CTX_set_options.pod
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 12:45:10 +00:00
SSL_CTX_set_psk_client_callback.pod
add initial support for RFC 4279 PSK SSL ciphersuites
2006-03-10 23:06:27 +00:00
SSL_CTX_set_quiet_shutdown.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_set_session_cache_mode.pod
Add a HISTORY section to the man page to mention the new flags.
2002-10-29 18:05:16 +00:00
SSL_CTX_set_session_id_context.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_CTX_set_ssl_version.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_CTX_set_timeout.pod
More details about session timeout settings.
2001-08-17 16:36:51 +00:00
SSL_CTX_set_tlsext_ticket_key_cb.pod
Update ticket callback docs.
2014-07-06 12:40:16 +01:00
SSL_CTX_set_tmp_dh_callback.pod
RT1744: SSL_CTX_set_dump_dh() doc feedback
2014-08-26 13:38:27 -04:00
SSL_CTX_set_tmp_rsa_callback.pod
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 12:45:10 +00:00
SSL_CTX_set_verify.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_CTX_use_certificate.pod
Use algorithm specific chains for certificates.
2014-01-03 22:45:20 +00:00
SSL_CTX_use_psk_identity_hint.pod
RT2518: fix pod2man errors
2014-09-08 11:18:58 -04:00
SSL_CTX_use_serverinfo.pod
typo
2014-01-10 23:02:46 +00:00
SSL_do_handshake.pod
Remove MS SGC
2015-01-02 23:01:38 +00:00
SSL_free.pod
PR: 1835
2009-02-14 21:49:38 +00:00
SSL_get_ciphers.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_client_CA_list.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_current_cipher.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_default_timeout.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_error.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_ex_data_X509_STORE_CTX_idx.pod
Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and
2001-01-20 16:22:43 +00:00
SSL_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_fd.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_peer_cert_chain.pod
typo in SSL_get_peer_cert_chain docs
2014-05-02 00:26:05 +01:00
SSL_get_peer_certificate.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_psk_identity.pod
add initial support for RFC 4279 PSK SSL ciphersuites
2006-03-10 23:06:27 +00:00
SSL_get_rbio.pod
ispell and some other nit-picking
2000-09-16 15:39:28 +00:00
SSL_get_session.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_SSL_CTX.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_verify_result.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_version.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
SSL_library_init.pod
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
2010-04-07 13:18:30 +00:00
SSL_load_client_CA_file.pod
More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-10-03 22:02:28 +00:00
SSL_new.pod
One more function documented.
2001-08-17 15:54:50 +00:00
SSL_pending.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_read.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_rstate_string.pod
More manual pages. Constify.
2001-08-23 17:22:43 +00:00
SSL_SESSION_free.pod
PR: 1835
2009-02-14 21:49:38 +00:00
SSL_SESSION_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_SESSION_get_time.pod
fix typos
2006-12-21 21:13:27 +00:00
SSL_session_reused.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_set_bio.pod
Change spelling back to "behaviour" and "flavour" instead of the
2000-09-16 16:00:38 +00:00
SSL_set_connect_state.pod
Manual page for SSL_do_handshake().
2002-07-19 11:05:50 +00:00
SSL_set_fd.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_set_session.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
SSL_set_shutdown.pod
Fix additional pod errors with numbered items.
2014-02-14 22:35:15 +00:00
SSL_set_verify_result.pod
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-20 16:55:26 +00:00
SSL_shutdown.pod
RT2518: fix pod2man errors
2014-09-08 11:18:58 -04:00
SSL_state_string.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_want.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_write.pod
POD: Fix item numbering
2014-04-30 23:44:54 +01:00
ssl.pod
New functions to retrieve certificate from SSL_CTX
2013-11-18 18:59:18 +00:00