Disable reuse of ECDH ephemeral keys

author Viktor Dukhovni <postfix-users@dukhovni.org>

Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)

committer Viktor Dukhovni <postfix-users@dukhovni.org>

Sun, 28 Aug 2016 00:27:35 +0000 (20:27 -0400)
author Viktor Dukhovni <postfix-users@dukhovni.org>
Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)
committer Viktor Dukhovni <postfix-users@dukhovni.org>
Sun, 28 Aug 2016 00:27:35 +0000 (20:27 -0400)
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c

index 0407b3c7900bcacb5c095e6e436891e4eb5d2c75..e8b6d7cf17b7bdc4f5db5dc4d8f02ea79b9baaa3 100644 (file)
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -381,6 +381,18 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = {
      0, 0,
  };
  
+ /*
+  * Once these have been a NOOP long enough, they might some day be removed
+  * from OpenSSL.  The defines below will avoid bitrot issues if/when that
+  * happens.
+  */
+#ifndef SSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
   /*
    * Ciphersuite name <=> code conversion.
    */
@@ -1059,6 +1071,14 @@ long    tls_bug_bits(void)
         enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS);
         bits |= enable;
      }
+
+    /*
+     * We unconditionally avoid re-use of ephemeral keys, note that we set DH
+     * keys via a callback, so reuse was never possible, but the ECDH key is
+     * set statically, so that is potentially subject to reuse.  Set both
+     * options just in case.
+     */
+    bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;
      return (bits);
  }
author	Viktor Dukhovni <postfix-users@dukhovni.org>
	Sun, 29 May 2016 17:30:14 +0000 (13:30 -0400)
committer	Viktor Dukhovni <postfix-users@dukhovni.org>
	Sun, 28 Aug 2016 00:27:35 +0000 (20:27 -0400)