Ensure that a ServerKeyExchange message is received if the selected cipher

suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can
effectively be downgraded to ECDH, if the server omits the ServerKeyExchange
message and has provided a certificate with an ECC public key.

Issue reported to OpenSSL by Karthikeyan Bhargavan.

Based on OpenSSL.

Fixes CVE-2014-3572.

ok beck@

0 files changed, 0 insertions, 0 deletions