From: Viktor Dukhovni
Date: Sun, 29 May 2016 17:30:14 +0000 (-0400)
Subject: Disable reuse of ECDH ephemeral keys
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abe643b172098efdf82c9b256704fecb650e4784;p=thirdparty%2Fpostfix.git
Disable reuse of ECDH ephemeral keys
---
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 424d8edde..319d133fa 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -358,6 +358,18 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = {
 0, 0,
 };
+ /*
+ * Once these have been a NOOP long enough, they might some day be removed
+ * from OpenSSL. The defines below will avoid bitrot issues if/when that
+ * happens.
+ */
+#ifndef SSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
 /*
 * Ciphersuite name <=> code conversion.
 */
@@ -998,6 +1010,14 @@ long tls_bug_bits(void)
 enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS);
 bits |= enable;
 }
+
+ /*
+ * We unconditionally avoid re-use of ephemeral keys, note that we set DH
+ * keys via a callback, so reuse was never possible, but the ECDH key is
+ * set statically, so that is potentially subject to reuse. Set both
+ * options just in case.
+ */
+ bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;
 return (bits);
 }
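Review bot: The `#define SSL_OP_SINGLE_DH_USE 0` and `#define SSL_OP_SINGLE_ECDH_USE 0` fallbacks turn the `bits |= ...` line added to tls_bug_bits() (second hunk) into a silent no-op on any library whose headers lack these macros. That is safe only if a missing macro means the library always generates fresh ephemeral keys, which the comment implies but does not state. I would extend the comment with a sentence such as `A zero fallback is safe only because a library that drops these options never reuses ephemeral (EC)DH keys.` so that a build against a different TLS library does not quietly lose the protection. The fallbacks are also defined below the ssl_op_tweaks[] table, so any code above this point that names either option would not see them; that code is outside the hunk.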
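Review bot: tls_bug_bits() now returns a key-hygiene option alongside the bug-workaround bits, but the added comment does not tell callers that the result must always be applied. The "unconditionally" in the comment holds only if every SSL_CTX that can negotiate (EC)DHE receives this mask and no later code clears the bits; the callers are outside the hunk, so this is worth confirming. I would add a line to the function's header comment such as `The result always includes SSL_OP_SINGLE_ECDH_USE and SSL_OP_SINGLE_DH_USE; callers must not clear them.` The function body begins above the hunk.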