72f1815391
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4b4c1fcc88)
Conflicts:
CHANGES
doc/ssl/SSL_CTX_set_options.pod
ssl/d1_srvr.c
ssl/s3_srvr.c
34 KiB
34 KiB