kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
525a0fe315
boringssl/ssl
History
David Benjamin 525a0fe315 Remove client-side support for ServerKeyExchange in the RSA key exchange. 
Server-side support was removed in 77a942b7fe,
but client-side support was retained as it appeared NSS supported this.
However, this is not the case: ssl3_HandleServerKeyExchange only allows a
ServerKeyExchange message if hs.ws is in an appropriate state.
ssl3_AuthCertificate only sets it to allow ServerKeyExchange if it is a key
exchange that normally uses it or if is_limited is set. is_limited is only set
for the export cipher suites.

Thus we can safely remove this without waiting on gathering UMA data.

BUG=chromium:400587

Change-Id: I9aefb742dbb2d99c13340ab48017e1ceee04bc2f
Reviewed-on: https://boringssl-review.googlesource.com/2230
Reviewed-by: Adam Langley <agl@google.com>
2014-11-10 23:00:09 +00:00
..
pqueue Test insertion of duplicates in pqueue_test. 2014-11-06 01:46:57 +00:00
test Test renegotiation with BoringSSL as the client. 2014-11-04 01:25:31 +00:00
CMakeLists.txt Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
d1_both.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
d1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
d1_lib.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
d1_meth.c
d1_pkt.c Remove #if 0'd code documenting an old bug. 2014-11-10 22:45:17 +00:00
d1_srtp.c Add less dangerous versions of SRTP functions. 2014-10-27 21:58:09 +00:00
d1_srvr.c Remove DTLSv1_listen. 2014-11-10 22:39:24 +00:00
s3_both.c Remove remnant of MS SGC second ClientHello. 2014-11-04 00:25:13 +00:00
s3_cbc.c Add a few more constant-time utility functions. 2014-11-10 13:45:32 -08:00
s3_clnt.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
s3_enc.c Extended master secret support. 2014-10-24 21:19:44 +00:00
s3_lib.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
s3_meth.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_pkt.c Don't be lenient if the client attempts unsafe renego. 2014-11-10 22:46:17 +00:00
s3_srvr.c Simplify constant-time RSA padding check. 2014-11-10 13:45:33 -08:00
s23_clnt.c Handle session resumption in SSLv23_client_method. 2014-09-25 22:04:20 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Remove indirection in loading ciphers. 2014-09-15 21:06:10 +00:00
ssl_asn1.c Add SSL_SESSION_to_bytes to replace i2d_SSL_SESSION. 2014-10-28 19:02:59 +00:00
ssl_cert.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_ciph.c Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_error.c Add SSL_SESSION_to_bytes to replace i2d_SSL_SESSION. 2014-10-28 19:02:59 +00:00
ssl_lib.c Remove T** parameter to ssl_bytes_to_cipher_list. 2014-10-24 02:01:33 +00:00
ssl_locl.h Remove client-side support for ServerKeyExchange in the RSA key exchange. 2014-11-10 23:00:09 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Remove key_arg and key_arg_length from SSL_SESSION. 2014-10-21 17:55:49 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Add SSL_SESSION_to_bytes to replace i2d_SSL_SESSION. 2014-10-28 19:02:59 +00:00
ssl_txt.c Remove key_arg and key_arg_length from SSL_SESSION. 2014-10-21 17:55:49 +00:00
t1_enc.c Remove KSSL_DEBUG. 2014-11-04 19:35:38 +00:00
t1_lib.c Extended master secret support. 2014-10-24 21:19:44 +00:00
t1_reneg.c