diff options
author | Dmitry Belyavsky <beldmit@gmail.com> | 2016-09-19 15:53:35 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-22 09:28:07 +0100 |
commit | d3c9d6e99f075e6fbdab94db00b220cfa08b5c4b (patch) | |
tree | 6266d94b62d7d63a4f7e8cd61e47c813d941f4cf /CHANGES | |
parent | 63658103d4441924f8dbfc517b99bb54758a98b9 (diff) | |
download | openssl-d3c9d6e99f075e6fbdab94db00b220cfa08b5c4b.tar.gz |
Avoid KCI attack for GOST
Russian GOST ciphersuites are vulnerable to the KCI attack because they use
long-term keys to establish the connection when ssl client authorization is
on. This change brings the GOST implementation into line with the latest
specs in order to avoid the attack. It should not break backwards
compatibility.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'CHANGES')
0 files changed, 0 insertions, 0 deletions