Ensure that a ServerKeyExchange message is received if the selected cipher
author: jsing <jsing@openbsd.org>
Fri, 23 Jan 2015 14:40:59 +0000 (14:40 +0000)
committer: jsing <jsing@openbsd.org>
Fri, 23 Jan 2015 14:40:59 +0000 (14:40 +0000)
commit: 698075327ff9f3c1c54394979a23cce939f0c715
tree: 4f2d95c5e3fdb874f2e6811f5009c71a444cd5b0
parent: 729268bc3e5ff22502b404e0a2d553952694c8b7
Ensure that a ServerKeyExchange message is received if the selected cipher
suite uses ephemeral keys. This avoids an issue where an ECDHE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.

Issue reported to OpenSSL by Karthikeyan Bhargavan.

Based on OpenSSL.

Fixes CVE-2014-3572.

ok beck@
lib/libssl/s3_clnt.c
lib/libssl/src/ssl/s3_clnt.c
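The check the commit message describes, written out as an added illustration in C. This is not the libssl or OpenSSL code; the enum names, `struct client_state`, `client_process()` and `client_run()` are hypothetical, and the handshake model is reduced to the three server messages that matter here (Certificate, ServerKeyExchange, ServerHelloDone). The point it shows is the one the fix addresses: a client that negotiated an ECDHE or DHE suite must refuse to reach ServerHelloDone without a ServerKeyExchange, otherwise a server that omits the message and presents an ECC certificate silently turns the exchange into static ECDH with the certificate key.

```c
/* Added illustration, not libssl code: a minimal client-side handshake
 * sequencer that rejects a server flight in which a cipher suite with
 * ephemeral key exchange never delivered a ServerKeyExchange. */
#include <stdbool.h>
#include <stdio.h>

/* Key-exchange algorithms (hypothetical names for this example only). */
enum kex { KEX_RSA, KEX_DH_STATIC, KEX_ECDH_STATIC, KEX_DHE, KEX_ECDHE };

/* Server handshake messages the client sees after ServerHello. */
enum hs_msg { HS_CERTIFICATE, HS_SERVER_KEY_EXCHANGE, HS_SERVER_HELLO_DONE };

struct client_state {
    enum kex kex;                  /* negotiated key exchange */
    bool saw_certificate;
    bool saw_server_key_exchange;
};

static bool kex_is_ephemeral(enum kex k)
{
    return k == KEX_DHE || k == KEX_ECDHE;
}

/* Returns 0 if the message is acceptable in the current state, -1 if the
 * client must abort (a real implementation would send an
 * unexpected_message alert). */
int client_process(struct client_state *st, enum hs_msg m)
{
    switch (m) {
    case HS_CERTIFICATE:
        if (st->saw_certificate || st->saw_server_key_exchange)
            return -1;
        st->saw_certificate = true;
        return 0;
    case HS_SERVER_KEY_EXCHANGE:
        /* Only suites with ephemeral keys carry a ServerKeyExchange. */
        if (!kex_is_ephemeral(st->kex) || st->saw_server_key_exchange)
            return -1;
        st->saw_server_key_exchange = true;
        return 0;
    case HS_SERVER_HELLO_DONE:
        /* The check this commit adds: an ECDHE/DHE suite without a
         * ServerKeyExchange is a downgrade to a static exchange using the
         * certificate's public key, so it must be rejected here. */
        if (kex_is_ephemeral(st->kex) && !st->saw_server_key_exchange)
            return -1;
        return 0;
    }
    return -1;
}

/* Feeds a whole server flight to a fresh client; 0 = accepted, -1 = rejected. */
int client_run(enum kex k, const enum hs_msg *msgs, int n)
{
    struct client_state st = { k, false, false };
    for (int i = 0; i < n; i++)
        if (client_process(&st, msgs[i]) != 0)
            return -1;
    return 0;
}

/* Constructed sample flights: a complete one and one missing ServerKeyExchange. */
static const enum hs_msg flight_full[] = {
    HS_CERTIFICATE, HS_SERVER_KEY_EXCHANGE, HS_SERVER_HELLO_DONE
};
static const enum hs_msg flight_no_ske[] = {
    HS_CERTIFICATE, HS_SERVER_HELLO_DONE
};

int main(void)
{
    printf("ECDHE, full flight:           %s\n",
        client_run(KEX_ECDHE, flight_full, 3) == 0 ? "accepted" : "rejected");
    printf("ECDHE, no ServerKeyExchange:  %s\n",
        client_run(KEX_ECDHE, flight_no_ske, 2) == 0 ? "accepted" : "rejected");
    printf("static ECDH, no ServerKeyExchange: %s\n",
        client_run(KEX_ECDH_STATIC, flight_no_ske, 2) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The static-ECDH case is accepted without a ServerKeyExchange because that suite legitimately takes its key from the certificate; the decision is keyed on the negotiated suite, not on the certificate's key type, which is exactly why a missing message cannot be tolerated for the ephemeral suites.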