generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/doc/ssl
History
Dr. Stephen Henson 37580f43b5 Only allow ephemeral RSA keys in export ciphersuites. 
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)

Conflicts:
	doc/ssl/SSL_CTX_set_options.pod
2015-01-06 13:14:05 +00:00
..
d2i_SSL_SESSION.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_accept.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_alert_type_string.pod
PR: 1794
2011-11-13 13:13:14 +00:00
SSL_CIPHER_get_name.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_clear.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_COMP_add_compression_method.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_connect.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_CTX_add_extra_chain_cert.pod
Clarify docs.
2014-06-27 16:41:45 +01:00
SSL_CTX_add_session.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_CTX_ctrl.pod
New functions SSL[_CTX]_set_msg_callback().
2001-10-20 17:56:36 +00:00
SSL_CTX_flush_sessions.pod
Documenting session caching, 2nd step.
2001-02-04 18:05:27 +00:00
SSL_CTX_free.pod
Add warning about unwanted side effect when calling SSL_CTX_free():
2003-03-27 22:04:05 +00:00
SSL_CTX_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_get_verify_mode.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_load_verify_locations.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_CTX_new.pod
Clarify protocols supported.
2014-06-29 00:04:43 +01:00
SSL_CTX_sess_number.pod
ispell
2001-02-16 02:09:53 +00:00
SSL_CTX_sess_set_cache_size.pod
Typos in links between manual pages
2002-07-10 19:35:54 +00:00
SSL_CTX_sess_set_get_cb.pod
Add warning about unwanted side effect when calling SSL_CTX_free():
2003-03-27 22:04:05 +00:00
SSL_CTX_sessions.pod
ispell
2001-02-16 02:09:53 +00:00
SSL_CTX_set_cert_store.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_set_cert_verify_callback.pod
Add 'void *' argument to app_verify_callback.
2002-02-28 10:52:56 +00:00
SSL_CTX_set_cipher_list.pod
Clarify protocols supported.
2014-06-29 00:04:43 +01:00
SSL_CTX_set_client_CA_list.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_CTX_set_client_cert_cb.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_CTX_set_default_passwd_cb.pod
Clarify! (based on recent mailing-list discussions)
2001-07-11 15:10:28 +00:00
SSL_CTX_set_generate_session_id.pod
Describe new callback for session id generation.
2001-02-23 21:38:42 +00:00
SSL_CTX_set_info_callback.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_set_max_cert_list.pod
Make maximum certifcate chain size accepted from the peer application
2001-09-11 13:08:51 +00:00
SSL_CTX_set_mode.pod
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
2014-10-21 22:40:41 +02:00
SSL_CTX_set_msg_callback.pod
Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg
2014-05-25 23:48:15 +01:00
SSL_CTX_set_options.pod
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:14:05 +00:00
SSL_CTX_set_psk_client_callback.pod
add initial support for RFC 4279 PSK SSL ciphersuites
2006-03-10 23:06:27 +00:00
SSL_CTX_set_quiet_shutdown.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_CTX_set_session_cache_mode.pod
Add a HISTORY section to the man page to mention the new flags.
2002-10-29 18:05:16 +00:00
SSL_CTX_set_session_id_context.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_CTX_set_ssl_version.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_CTX_set_timeout.pod
More details about session timeout settings.
2001-08-17 16:36:51 +00:00
SSL_CTX_set_tlsext_ticket_key_cb.pod
Update ticket callback docs.
2014-07-06 12:42:27 +01:00
SSL_CTX_set_tmp_dh_callback.pod
RT1744: SSL_CTX_set_dump_dh() doc feedback
2014-08-26 13:40:45 -04:00
SSL_CTX_set_tmp_rsa_callback.pod
Only allow ephemeral RSA keys in export ciphersuites.
2015-01-06 13:14:05 +00:00
SSL_CTX_set_verify.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_CTX_use_certificate.pod
improve docu of SSL_CTX_use_PrivateKey()
2005-04-08 22:49:57 +00:00
SSL_CTX_use_psk_identity_hint.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_do_handshake.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_free.pod
PR: 1835
2009-02-14 21:49:38 +00:00
SSL_get_ciphers.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_client_CA_list.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_current_cipher.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_default_timeout.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_error.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_ex_data_X509_STORE_CTX_idx.pod
Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and
2001-01-20 16:22:43 +00:00
SSL_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_fd.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_peer_cert_chain.pod
typo in SSL_get_peer_cert_chain docs
2014-05-02 00:27:37 +01:00
SSL_get_peer_certificate.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_psk_identity.pod
add initial support for RFC 4279 PSK SSL ciphersuites
2006-03-10 23:06:27 +00:00
SSL_get_rbio.pod
ispell and some other nit-picking
2000-09-16 15:39:28 +00:00
SSL_get_session.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_SSL_CTX.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_verify_result.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_get_version.pod
Merge branch 'rsalz-docfixes'
2014-07-03 12:53:36 -04:00
SSL_library_init.pod
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
2010-04-07 13:18:30 +00:00
SSL_load_client_CA_file.pod
More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-10-03 22:02:28 +00:00
SSL_new.pod
One more function documented.
2001-08-17 15:54:50 +00:00
SSL_pending.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_read.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_rstate_string.pod
More manual pages. Constify.
2001-08-23 17:22:43 +00:00
SSL_SESSION_free.pod
PR: 1835
2009-02-14 21:49:38 +00:00
SSL_SESSION_get_ex_new_index.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_SESSION_get_time.pod
fix typos
2006-12-21 21:13:27 +00:00
SSL_session_reused.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_set_bio.pod
Change spelling back to "behaviour" and "flavour" instead of the
2000-09-16 16:00:38 +00:00
SSL_set_connect_state.pod
Manual page for SSL_do_handshake().
2002-07-19 11:05:50 +00:00
SSL_set_fd.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_set_session.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_set_shutdown.pod
Fix additional pod errors with numbered items.
2014-02-14 22:35:39 +00:00
SSL_set_verify_result.pod
New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-20 16:55:26 +00:00
SSL_shutdown.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
SSL_state_string.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_want.pod
update docs (recent constification)
2005-03-30 11:50:14 +00:00
SSL_write.pod
POD: Fix item numbering
2014-04-30 23:47:29 +01:00
ssl.pod
Fix typo.
2011-07-11 12:13:56 +00:00