Ensure that a ServerKeyExchange message is received if the selected cipher - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2015-01-23 14:40:59 +0000
committer	jsing <>	2015-01-23 14:40:59 +0000
commit	0ca354610056aedab2a285f08e0140b96d01d69a (patch)
tree	450f8d7eed375d7c70f748ed9396632f092c9465 /src/lib/libssl/ssl_ciph.c
parent	38bc6a91e6b835277fe04c41f679587c7b390ffe (diff)
download	openbsd-0ca354610056aedab2a285f08e0140b96d01d69a.tar.gz openbsd-0ca354610056aedab2a285f08e0140b96d01d69a.tar.bz2 openbsd-0ca354610056aedab2a285f08e0140b96d01d69a.zip

Ensure that a ServerKeyExchange message is received if the selected cipher

suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@

Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: