openssl

History

Matt Caswell 8bc643efc8 Always generate DH keys for ephemeral DH cipher suites

Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.

This is a follow on from CVE-2016-0701. This branch is not impacted by
that CVE because it does not support X9.42 style parameters. It is still
possible to generate parameters based on primes that are not "safe",
although by default OpenSSL does not do this. The documentation does
sign post that using such parameters is unsafe if the private DH key is
reused. However to avoid accidental problems or future attacks this commit
has been backported to this branch.

Issue reported by Antonio Sanso

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

2016-01-28 10:27:55 +00:00

apps

File is about s_time, not s_client

2016-01-10 13:14:52 +01:00

crypto

Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work

2015-12-19 22:10:32 +01:00

HOWTO

Improves certificates HOWTO

2014-12-22 16:26:12 +01:00

ssl

Always generate DH keys for ephemeral DH cipher suites

2016-01-28 10:27:55 +00:00

c-indentation.el

Make sure to set indent-tabs-mode so that we get tabs, not spaces.

2008-02-21 07:24:12 +00:00

dir-locals.example.el

Remove auto-fill-mode

2015-08-31 18:21:04 +02:00

fingerprints.txt

Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date

2014-07-15 23:24:26 +01:00

openssl_button.gif

Added the new `Includes OpenSSL Cryptography Software' button as

1999-03-04 12:55:42 +00:00

openssl_button.html

Added the new `Includes OpenSSL Cryptography Software' button as

1999-03-04 12:55:42 +00:00

openssl-c-indent.el

Add an example .dir-locals.el

2015-08-31 18:21:04 +02:00

openssl-shared.txt

Add documentation on how to handle the shared libaries.

2003-01-10 16:14:32 +00:00

openssl.txt

fix typos

2006-02-15 19:42:22 +00:00

README

Add a new file where all the standards and other documents that we try

2000-05-18 21:22:50 +00:00

ssleay.txt

PR: 1894

2009-04-16 17:22:51 +00:00

standards.txt

Add SEED encryption algorithm.

2007-04-23 23:48:59 +00:00

README

 apps/openssl.pod .... Documentation of OpenSSL `openssl' command
 crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
 ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
 openssl.txt ......... Assembled documentation files for OpenSSL [not final]
 ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
 standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
                       that are related to OpenSSL.

 An archive of HTML documents for the SSLeay library is available from
 http://www.columbia.edu/~ariel/ssleay/