Ensure that a ServerKeyExchange message is received if the selected cipher - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2015-01-23 14:40:59 +0000
committer	jsing <>	2015-01-23 14:40:59 +0000
commit	b6a7eb076f7627d0312c842d4bf174d3e68812b2 (patch)
tree	450f8d7eed375d7c70f748ed9396632f092c9465 /src/lib/libc/stdlib
parent	559d7136e35fb0b3cc5d43240d5102630410c202 (diff)
download	openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.tar.gz openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.tar.bz2 openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.zip

Ensure that a ServerKeyExchange message is received if the selected cipher

suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@

Diffstat (limited to 'src/lib/libc/stdlib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: