Commit ID: 10056CC60D855ACD834
CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/02/23 13:38:36 UTC
Modified files:
lib/libssl/src/crypto: opensslv.h
lib/libssl/src/doc/ssl: SSL_CTX_set_options.pod SSL_CTX_set_tmp_dh_callback.pod
lib/libssl/src/ssl: s3_lib.c s3_srvr.c
Log message:
Backport from Debian squeeze-LTS by Kurt Roeckx:
From 5475d108f64b8a56141dc0b29ac841695f9dfa5f Mon Sep 17 00:00:00 2001
From: Matt Caswell <[email protected]>
Date: Thu, 17 Dec 2015 02:57:20 +0000
Subject: [PATCH 1/2] Always generate DH keys for ephemeral DH cipher suites
Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.
This is a follow on from CVE-2016-0701. This branch is not impacted by
that CVE because it does not support X9.42 style parameters. It is still
possible to generate parameters based on primes that are not "safe",
although by default OpenSSL does not do this. The documentation does
sign post that using such parameters is unsafe if the private DH key is
reused. However to avoid accidental problems or future attacks this commit
has been backported to this branch.
Issue reported by Antonio Sanso
To generate a diff of this changeset, execute the following commands:
cvs -R rdiff -kk -upr1.13 -r1.14 src/lib/libssl/src/crypto/opensslv.h
cvs -R rdiff -kk -upr1.2 -r1.3 src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
cvs -R rdiff -kk -upr1.1.1.1 -r1.2 src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
cvs -R rdiff -kk -upr1.6 -r1.7 src/lib/libssl/src/ssl/s3_lib.c
cvs -R rdiff -kk -upr1.15 -r1.16 src/lib/libssl/src/ssl/s3_srvr.c
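
The log message's point about primes that are not "safe" can be checked for any DH modulus a server is configured with. The following is an added example, not code from this commit or from OpenSSL: it tests whether p is a safe prime and, if not, lists the small odd primes dividing p - 1, which are the subgroup orders that make private key reuse dangerous. The function names, the trial-division bound and the sample moduli are assumptions constructed for illustration.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test (probabilistic for large n)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def audit_dh_prime(p, bound=1 << 16):
    """Report whether p is a safe prime; if not, list the odd primes
    below `bound` that divide p - 1 (orders of small subgroups)."""
    report = {"prime": is_probable_prime(p), "safe": False,
              "small_factors": [], "exposed_bits": 0}
    if not report["prime"]:
        return report
    m = (p - 1) // 2
    report["safe"] = is_probable_prime(m)
    if report["safe"]:
        return report  # only subgroup orders are 1, 2, q and 2q
    product = 1
    for f in range(3, bound, 2):
        if m % f == 0:  # f is prime: smaller factors were divided out
            report["small_factors"].append(f)
            product *= f
            while m % f == 0:
                m //= f
    # Bits of a reused private key that small-subgroup confinement can
    # expose; a fresh key per handshake makes this worthless.
    report["exposed_bits"] = product.bit_length() - 1
    return report

if __name__ == "__main__":
    # Constructed inputs: 2039 is a safe prime; 2**127 - 1 is prime but not safe.
    for p in (2039, 2**127 - 1):
        print(p, audit_dh_prime(p))
```

A modulus reported as not safe is the case where the always-fresh key behaviour described in the log message matters most.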