CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/01/23 07:40:59
Modified files:
lib/libssl/src/ssl: s3_clnt.c
Log message:
Ensure that a ServerKeyExchange message is received if the selected cipher
suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.
Issue reported to OpenSSL by Karthikeyan Bhargavan.
Based on OpenSSL.
Fixes CVE-2014-3572.
ok beck@
