wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/doc/ssl
History
Dr. Stephen Henson 08a88774bd Only allow ephemeral RSA keys in export ciphersuites. 
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
2015-01-06 13:18:46 +00:00
..
d2i_SSL_SESSION.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
ssl.pod Fix typo. 2011-07-11 12:13:50 +00:00
SSL_accept.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_alert_type_string.pod ispell 2001-09-07 06:13:40 +00:00
SSL_CIPHER_get_name.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_clear.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_COMP_add_compression_method.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_connect.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_CTX_add_extra_chain_cert.pod Clarify docs. 2014-06-27 16:42:42 +01:00
SSL_CTX_add_session.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_CTX_ctrl.pod New functions SSL[_CTX]_set_msg_callback(). 2001-10-20 17:56:36 +00:00
SSL_CTX_flush_sessions.pod Documenting session caching, 2nd step. 2001-02-04 18:05:27 +00:00
SSL_CTX_free.pod Add warning about unwanted side effect when calling SSL_CTX_free(): 2003-03-27 22:04:05 +00:00
SSL_CTX_get_ex_new_index.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_CTX_get_verify_mode.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_CTX_load_verify_locations.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_CTX_new.pod Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
SSL_CTX_sess_number.pod ispell 2001-02-16 02:09:53 +00:00
SSL_CTX_sess_set_cache_size.pod Typos in links between manual pages 2002-07-10 19:35:54 +00:00
SSL_CTX_sess_set_get_cb.pod Add warning about unwanted side effect when calling SSL_CTX_free(): 2003-03-27 22:04:05 +00:00
SSL_CTX_sessions.pod ispell 2001-02-16 02:09:53 +00:00
SSL_CTX_set_cert_store.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_CTX_set_cert_verify_callback.pod Add 'void *' argument to app_verify_callback. 2002-02-28 10:52:56 +00:00
SSL_CTX_set_cipher_list.pod Additional inline reference. 2001-07-23 12:57:37 +00:00
SSL_CTX_set_client_CA_list.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_CTX_set_client_cert_cb.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_CTX_set_default_passwd_cb.pod Clarify! (based on recent mailing-list discussions) 2001-07-11 15:10:28 +00:00
SSL_CTX_set_generate_session_id.pod Describe new callback for session id generation. 2001-02-23 21:38:42 +00:00
SSL_CTX_set_info_callback.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_CTX_set_max_cert_list.pod Make maximum certifcate chain size accepted from the peer application 2001-09-11 13:08:51 +00:00
SSL_CTX_set_mode.pod Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. 2014-10-21 22:41:07 +02:00
SSL_CTX_set_msg_callback.pod Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:48:36 +01:00
SSL_CTX_set_options.pod Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:18:46 +00:00
SSL_CTX_set_psk_client_callback.pod add initial support for RFC 4279 PSK SSL ciphersuites 2006-03-10 23:06:27 +00:00
SSL_CTX_set_quiet_shutdown.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_CTX_set_session_cache_mode.pod Add a HISTORY section to the man page to mention the new flags. 2002-10-29 18:05:16 +00:00
SSL_CTX_set_session_id_context.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_CTX_set_ssl_version.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_CTX_set_timeout.pod More details about session timeout settings. 2001-08-17 16:36:51 +00:00
SSL_CTX_set_tlsext_ticket_key_cb.pod Update ticket callback docs. 2014-07-06 12:42:58 +01:00
SSL_CTX_set_tmp_dh_callback.pod RT1744: SSL_CTX_set_dump_dh() doc feedback 2014-08-26 13:40:16 -04:00
SSL_CTX_set_tmp_rsa_callback.pod Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 13:18:46 +00:00
SSL_CTX_set_verify.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_CTX_use_certificate.pod improve docu of SSL_CTX_use_PrivateKey() 2005-04-08 22:49:57 +00:00
SSL_CTX_use_psk_identity_hint.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_do_handshake.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_free.pod PR: 1835 2009-02-14 21:49:38 +00:00
SSL_get_ciphers.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_client_CA_list.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_current_cipher.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_default_timeout.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_error.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_ex_data_X509_STORE_CTX_idx.pod Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and 2001-01-20 16:22:43 +00:00
SSL_get_ex_new_index.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_fd.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_peer_cert_chain.pod typo in SSL_get_peer_cert_chain docs 2014-05-02 00:29:31 +01:00
SSL_get_peer_certificate.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_psk_identity.pod add initial support for RFC 4279 PSK SSL ciphersuites 2006-03-10 23:06:27 +00:00
SSL_get_rbio.pod ispell and some other nit-picking 2000-09-16 15:39:28 +00:00
SSL_get_session.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_SSL_CTX.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_verify_result.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_get_version.pod Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
SSL_library_init.pod Add SHA2 algorithms to SSL_library_init(). Although these aren't used 2010-04-07 13:18:30 +00:00
SSL_load_client_CA_file.pod More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-10-03 22:02:28 +00:00
SSL_new.pod One more function documented. 2001-08-17 15:54:50 +00:00
SSL_pending.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_read.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_rstate_string.pod More manual pages. Constify. 2001-08-23 17:22:43 +00:00
SSL_SESSION_free.pod PR: 1835 2009-02-14 21:49:38 +00:00
SSL_SESSION_get_ex_new_index.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_SESSION_get_time.pod fix typos 2006-12-21 21:13:27 +00:00
SSL_session_reused.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_set_bio.pod Change spelling back to "behaviour" and "flavour" instead of the 2000-09-16 16:00:38 +00:00
SSL_set_connect_state.pod Manual page for SSL_do_handshake(). 2002-07-19 11:05:50 +00:00
SSL_set_fd.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_set_session.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_set_shutdown.pod Fix additional pod errors with numbered items. 2014-02-14 22:36:04 +00:00
SSL_set_verify_result.pod New documents. Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> 2000-09-20 16:55:26 +00:00
SSL_shutdown.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00
SSL_state_string.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_want.pod update docs (recent constification) 2005-03-30 11:50:14 +00:00
SSL_write.pod POD: Fix item numbering 2014-04-30 23:50:21 +01:00