openssl/ssl
Dr. Stephen Henson 4b4c1fcc88 Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 12:45:10 +00:00
..
.cvsignore
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:02 +00:00
d1_both.c Remove extraneous white space, and add some braces 2014-12-16 00:13:36 +00:00
d1_clnt.c Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:17:36 +01:00
d1_lib.c Remove incorrect code inadvertently introduced through commit 59669b6ab. 2014-12-04 14:18:45 +00:00
d1_meth.c Dual DTLS version methods. 2013-09-18 13:46:02 +01:00
d1_pkt.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:44:03 +00:00
d1_srtp.c Additional fix required for no-srtp to work 2015-01-05 14:28:40 +00:00
d1_srvr.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
dtls1.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:31:35 +00:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:26 +00:00
kssl.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:10 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile Delete unused file 2014-11-27 21:46:00 +00:00
s2_clnt.c RT2842: Remove spurious close-comment marker. 2014-09-08 10:50:33 -04:00
s2_enc.c Fix warning in ssl2_enc 2014-11-27 21:46:04 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s2_meth.c
s2_pkt.c Check EVP_Cipher return values for SSL2 2014-11-27 21:46:04 +00:00
s2_srvr.c Fix memory leak in s2_srvr.c if BUF_MEM_grow fails 2014-12-13 00:04:32 +00:00
s3_both.c Remove MS SGC 2015-01-02 23:01:38 +00:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
s3_clnt.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
s3_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:44:03 +00:00
s3_lib.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
s3_meth.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:54:30 +00:00
s3_pkt.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:44:03 +00:00
s3_srvr.c Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
s23_clnt.c Fix no-ssl3 configuration option 2014-10-15 08:54:26 -04:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:00 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c
s23_srvr.c Fixed memory leak if BUF_MEM_grow fails 2014-12-13 00:03:58 +00:00
srtp.h Add include of ssl.h which is required by srtp.h 2014-11-27 13:17:56 +00:00
ssl-lib.com Add t1_ext and ssl_utst to the VMS build as well. 2014-08-31 18:22:02 +02:00
ssl.h Only allow ephemeral RSA keys in export ciphersuites. 2015-01-06 12:45:10 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Update SGC flag comment. 2015-01-02 23:12:37 +00:00
ssl23.h
ssl_algs.c Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:57:00 +01:00
ssl_cert.c Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST 2014-11-27 20:51:59 +00:00
ssl_ciph.c Clear warnings/errors within KSSL_DEBUG code sections 2014-12-17 14:17:54 +01:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 15:51:25 +00:00
ssl_err.c Add more meaningful OPENSSL_NO_ECDH error message for suite b mode 2014-12-16 14:17:32 +00:00
ssl_err2.c
ssl_lib.c Ensure that the session ID context of an SSL* is updated 2015-01-05 17:33:02 +01:00
ssl_locl.h Remove MS SGC 2015-01-02 23:01:38 +00:00
ssl_rsa.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
ssl_sess.c Tighten session ticket handling 2014-10-28 17:38:23 +01:00
ssl_stat.c Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
ssl_task.c
ssl_txt.c Provisional DTLS 1.2 support. 2013-09-18 13:46:02 +01:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
ssltest.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:54:30 +00:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_enc.c Clear warnings/errors within TLS_DEBUG code sections 2014-12-17 14:17:54 +01:00
t1_ext.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
t1_lib.c Fix building with no-srtp 2015-01-05 14:28:40 +00:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:22:15 +01:00
tls1.h Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH 2014-11-10 10:58:49 +01:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:41:53 +01:00