Skip to main content
Revision 802a070bb6452dd9df49e550e0f3b16777e5232b authored by Dr. Stephen Henson on 24 October 2014, 11:30:33 UTC, committed by Dr. Stephen Henson on 05 January 2015, 23:52:28 UTC
ECDH downgrade bug fix.
Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63)

Conflicts:
	CHANGES
1 parent 31c65a7
History
FileModeSize
.cvsignore -rw-r--r--171 bytes
back to top