Disable reuse of ECDH ephemeral keys

author Viktor Dukhovni <postfix-users@dukhovni.org>

Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)

committer Viktor Dukhovni <postfix-users@dukhovni.org>

Sun, 29 May 2016 17:30:59 +0000 (13:30 -0400)
author Viktor Dukhovni <postfix-users@dukhovni.org>
Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)
committer Viktor Dukhovni <postfix-users@dukhovni.org>
Sun, 29 May 2016 17:30:59 +0000 (13:30 -0400)
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c

index 07d709c64aabd075479240451e1004f206dbc9a9..1c2f4a08403214923238e9391fe9895e358241d7 100644 (file)
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -355,6 +355,18 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = {
      0, 0,
  };
  
+ /*
+  * Once these have been a NOOP long enough, they might some day be removed
+  * from OpenSSL.  The defines below will avoid bitrot issues if/when that
+  * happens.
+  */
+#ifndef SSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
   /*
    * Ciphersuite name <=> code conversion.
    */
@@ -994,6 +1006,14 @@ long    tls_bug_bits(void)
         enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS);
         bits |= enable;
      }
+
+    /*
+     * We unconditionally avoid re-use of ephemeral keys, note that we set DH
+     * keys via a callback, so reuse was never possible, but the ECDH key is
+     * set statically, so that is potentially subject to reuse.  Set both
+     * options just in case.
+     */
+    bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;
      return (bits);
  }
author	Viktor Dukhovni <postfix-users@dukhovni.org>
	Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)
committer	Viktor Dukhovni <postfix-users@dukhovni.org>
	Sun, 29 May 2016 17:30:59 +0000 (13:30 -0400)