granicus.if.org Git - openssl/commit
Avoid KCI attack for GOST
author Dmitry Belyavsky <beldmit@gmail.com>
Mon, 19 Sep 2016 15:05:53 +0000 (16:05 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 22 Sep 2016 08:22:05 +0000 (09:22 +0100)
commit 92c8d6ae0d741fdca3b72baf627d16908dae64ce
tree 04ddd43ab342d57bde9868a5e12c8e6ca6398945
parent 38f59bd1f1da9f5ef67044b35af26528e5b183dd
Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c