openssl

History

Dr. Stephen Henson 72f1815391 Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c

2015-01-06 13:27:22 +00:00

d2i_SSL_SESSION.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_accept.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_alert_type_string.pod

ispell

2001-09-07 06:13:40 +00:00

SSL_CIPHER_get_name.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_clear.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_COMP_add_compression_method.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_connect.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_add_extra_chain_cert.pod

Clarify docs.

2014-06-27 16:44:14 +01:00

SSL_CTX_add_session.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_ctrl.pod

New functions SSL[_CTX]_set_msg_callback().

2001-10-20 17:56:36 +00:00

SSL_CTX_flush_sessions.pod

Documenting session caching, 2nd step.

2001-02-04 18:05:27 +00:00

SSL_CTX_free.pod

Add warning about unwanted side effect when calling SSL_CTX_free():

2003-03-27 22:04:05 +00:00

SSL_CTX_get_ex_new_index.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_CTX_get_verify_mode.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_CTX_load_verify_locations.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_new.pod

Fix wrong information about SSL_set_connect_state()...

2001-07-25 12:12:51 +00:00

SSL_CTX_sess_number.pod

ispell

2001-02-16 02:09:53 +00:00

SSL_CTX_sess_set_cache_size.pod

Typos in links between manual pages

2002-07-10 19:35:54 +00:00

SSL_CTX_sess_set_get_cb.pod

Add warning about unwanted side effect when calling SSL_CTX_free():

2003-03-27 22:04:05 +00:00

SSL_CTX_sessions.pod

ispell

2001-02-16 02:09:53 +00:00

SSL_CTX_set_cert_store.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_CTX_set_cert_verify_callback.pod

Add 'void *' argument to app_verify_callback.

2002-02-28 10:52:56 +00:00

SSL_CTX_set_cipher_list.pod

Additional inline reference.

2001-07-23 12:57:37 +00:00

SSL_CTX_set_client_CA_list.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_set_client_cert_cb.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_CTX_set_default_passwd_cb.pod

Clarify! (based on recent mailing-list discussions)

2001-07-11 15:10:28 +00:00

SSL_CTX_set_generate_session_id.pod

Describe new callback for session id generation.

2001-02-23 21:38:42 +00:00

SSL_CTX_set_info_callback.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_CTX_set_max_cert_list.pod

Make maximum certifcate chain size accepted from the peer application

2001-09-11 13:08:51 +00:00

SSL_CTX_set_mode.pod

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.

2014-10-21 22:41:27 +02:00

SSL_CTX_set_msg_callback.pod

Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg

2014-05-25 23:48:57 +01:00

SSL_CTX_set_options.pod

Only allow ephemeral RSA keys in export ciphersuites.

2015-01-06 13:27:22 +00:00

SSL_CTX_set_quiet_shutdown.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_CTX_set_session_cache_mode.pod

Add a HISTORY section to the man page to mention the new flags.

2002-10-29 18:05:16 +00:00

SSL_CTX_set_session_id_context.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_set_ssl_version.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_CTX_set_timeout.pod

More details about session timeout settings.

2001-08-17 16:36:51 +00:00

SSL_CTX_set_tlsext_ticket_key_cb.pod

Update ticket callback docs.

2014-07-06 12:43:22 +01:00

SSL_CTX_set_tmp_dh_callback.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_CTX_set_tmp_rsa_callback.pod

Only allow ephemeral RSA keys in export ciphersuites.

2015-01-06 13:27:22 +00:00

SSL_CTX_set_verify.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_CTX_use_certificate.pod

improve docu of SSL_CTX_use_PrivateKey()

2005-04-08 22:49:57 +00:00

SSL_do_handshake.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_free.pod

PR: 1835

2009-02-14 21:50:14 +00:00

SSL_get_ciphers.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_client_CA_list.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_current_cipher.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_default_timeout.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_error.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_ex_data_X509_STORE_CTX_idx.pod

Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and

2001-01-20 16:22:43 +00:00

SSL_get_ex_new_index.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_fd.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_peer_cert_chain.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_peer_certificate.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_rbio.pod

ispell and some other nit-picking

2000-09-16 15:39:28 +00:00

SSL_get_session.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_SSL_CTX.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_verify_result.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_get_version.pod

Merge branch 'rsalz-docfixes'

2014-07-03 12:35:40 -04:00

SSL_library_init.pod

Add SHA2 algorithms to SSL_library_init(). Although these aren't used

2010-04-07 13:19:48 +00:00

SSL_load_client_CA_file.pod

More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

2000-10-03 22:02:28 +00:00

SSL_new.pod

One more function documented.

2001-08-17 15:54:50 +00:00

SSL_pending.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_read.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_rstate_string.pod

More manual pages. Constify.

2001-08-23 17:22:43 +00:00

SSL_SESSION_free.pod

PR: 1835

2009-02-14 21:50:14 +00:00

SSL_SESSION_get_ex_new_index.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_SESSION_get_time.pod

fix typos

2006-12-21 21:11:44 +00:00

SSL_session_reused.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_set_bio.pod

Change spelling back to "behaviour" and "flavour" instead of the

2000-09-16 16:00:38 +00:00

SSL_set_connect_state.pod

Manual page for SSL_do_handshake().

2002-07-19 11:05:50 +00:00

SSL_set_fd.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_set_session.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_set_shutdown.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_set_verify_result.pod

New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

2000-09-20 16:55:26 +00:00

SSL_shutdown.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

SSL_state_string.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_want.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00

SSL_write.pod

Fixes for newer versions of pod2man

2014-07-06 00:05:29 +01:00

ssl.pod

update docs (recent constification)

2005-03-30 11:50:14 +00:00