Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
88f2a4cf
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
88f2a4cf
编写于
2月 03, 2011
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
上级
9d0397e9
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
22 addition
and
12 deletion
+22
-12
CHANGES
CHANGES
+5
-0
NEWS
NEWS
+8
-0
doc/ssl/SSL_CTX_set_options.pod
doc/ssl/SSL_CTX_set_options.pod
+1
-12
ssl/s3_clnt.c
ssl/s3_clnt.c
+3
-0
ssl/s3_srvr.c
ssl/s3_srvr.c
+5
-0
未找到文件。
CHANGES
浏览文件 @
88f2a4cf
...
...
@@ -175,6 +175,11 @@
Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
*) Disable code workaround for ancient and obsolete Netscape browsers
and servers: an attacker can use it in a ciphersuite downgrade attack.
Thanks to Martin Rex for discovering this bug. CVE-2010-4180
[Steve Henson]
*) Fixed J-PAKE implementation error, originally discovered by
Sebastien Martini, further info and confirmation from Stefan
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
...
...
NEWS
浏览文件 @
88f2a4cf
...
...
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
o Fix mishandling of absent EC point format extension.
o Fix various platform compilation issues.
o Corrected fix for security issue CVE-2010-3864.
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
o Fix for security issue CVE-2010-3864.
...
...
doc/ssl/SSL_CTX_set_options.pod
浏览文件 @
88f2a4cf
...
...
@@ -78,18 +78,7 @@ this breaks this server so 16 bytes is the way to go.
=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
ssl3.netscape.com:443, first a connection is established with RC4-MD5.
If it is then resumed, we end up using DES-CBC3-SHA. It should be
RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
It only really shows up when connecting via SSLv2/v3 then reconnecting
via SSLv3. The cipher list changes....
NEW INFORMATION. Try connecting with a cipher list of just
DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
doing a re-connect, always takes the first cipher in the cipher list.
As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
...
...
ssl/s3_clnt.c
浏览文件 @
88f2a4cf
...
...
@@ -884,8 +884,11 @@ int ssl3_get_server_hello(SSL *s)
s
->
session
->
cipher_id
=
s
->
session
->
cipher
->
id
;
if
(
s
->
hit
&&
(
s
->
session
->
cipher_id
!=
c
->
id
))
{
/* Workaround is now obsolete */
#if 0
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
#endif
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED
);
...
...
ssl/s3_srvr.c
浏览文件 @
88f2a4cf
...
...
@@ -1019,6 +1019,10 @@ int ssl3_get_client_hello(SSL *s)
break
;
}
}
/* Disabled because it can be used in a ciphersuite downgrade
* attack: CVE-2010-4180.
*/
#if 0
if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{
/* Special case as client bug workaround: the previously used cipher may
...
...
@@ -1033,6 +1037,7 @@ int ssl3_get_client_hello(SSL *s)
j = 1;
}
}
#endif
if
(
j
==
0
)
{
/* we need to have the cipher in the cipher
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录