diff options
| author | jsing <> | 2015-01-23 14:40:59 +0000 | 
|---|---|---|
| committer | jsing <> | 2015-01-23 14:40:59 +0000 | 
| commit | b6a7eb076f7627d0312c842d4bf174d3e68812b2 (patch) | |
| tree | 450f8d7eed375d7c70f748ed9396632f092c9465 /src/usr.bin/openssl/pkeyparam.c | |
| parent | 559d7136e35fb0b3cc5d43240d5102630410c202 (diff) | |
| download | openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.tar.gz openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.tar.bz2 openbsd-b6a7eb076f7627d0312c842d4bf174d3e68812b2.zip | |
Ensure that a ServerKeyExchange message is received if the selected cipher
suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.
Issue reported to OpenSSL by Karthikeyan Bhargavan.
Based on OpenSSL.
Fixes CVE-2014-3572.
ok beck@
Diffstat (limited to 'src/usr.bin/openssl/pkeyparam.c')
0 files changed, 0 insertions, 0 deletions
