git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Dmitry Belyavsky <beldmit@gmail.com>
	Mon, 19 Sep 2016 14:53:35 +0000 (15:53 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 22 Sep 2016 08:27:45 +0000 (09:27 +0100)
commit	41b42807726e340538701021cdc196672330f4db
tree	219799f2a1dc4a79e5369c0053fa17fd8e83d514	tree \| snapshot
parent	b8d243956296458d1782af0d6e7ecfe6deae038a	commit \| diff

Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

ssl/statem/statem_clnt.c

diff | blob | blame | history

A mirror of the official openssl repository

RSS Atom