openssl/ssl
Matt Caswell 8af91fd9d0 Don't fail the connection in SSLv3 if server selects ECDHE
ECDHE is not properly defined for SSLv3. Commit fe55c4a2 prevented ECDHE
from being selected in that protocol. However, historically, servers do
still select ECDHE anyway so that commit causes interoperability problems.
Clients that previously worked when talking to an SSLv3 server could now
fail.

This commit introduces an exception which enables a client to continue in
SSLv3 if the server selected ECDHE.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3204)
2017-04-24 16:15:40 +01:00
..
record Fix minor compiler issues. 2017-04-19 12:51:08 -04:00
statem Don't fail the connection in SSLv3 if server selects ECDHE 2017-04-24 16:15:40 +01:00
bio_ssl.c Get pointer type right in BIO_ssl_shutdown() 2017-03-07 09:56:49 -05:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Code health: Stop using timeb.h / ftime() (VMS only) 2017-02-28 15:32:01 +01:00
d1_msg.c Remove some obsolete/obscure internal define switches: 2017-03-01 10:44:49 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
packet_locl.h Miscellaneous style tweaks based on feedback received 2017-01-30 10:18:23 +00:00
packet.c Use for loop in WPACKET_fill_lengths instead of do...while 2017-01-30 10:18:24 +00:00
pqueue.c Fix a missed size_t variable declaration 2016-11-04 12:09:46 +00:00
s3_cbc.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
s3_enc.c Use the new TLSv1.3 certificate_required alert where appropriate 2017-03-10 15:33:31 +00:00
s3_lib.c Remove ECDH(E) ciphers from SSLv3 2017-04-11 13:25:19 -04:00
s3_msg.c Provide functions to write early data 2017-03-02 17:44:14 +00:00
ssl_asn1.c ASN.1: adapt our use of INTxx et al by making them explicitely embedded 2017-04-13 10:23:31 +02:00
ssl_cert.c Ignore dups in X509_STORE_add_* 2017-04-20 15:33:42 -04:00
ssl_ciph.c Remove some obsolete/obscure internal define switches: 2017-03-01 10:44:49 +01:00
ssl_conf.c SSL_CONF support for certificate_authorities 2017-04-03 23:47:21 +01:00
ssl_err.c Implement certificate_authorities extension 2017-03-17 18:41:56 +00:00
ssl_init.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_lib.c Don't fail the connection in SSLv3 if server selects ECDHE 2017-04-24 16:15:40 +01:00
ssl_locl.h Don't fail the connection in SSLv3 if server selects ECDHE 2017-04-24 16:15:40 +01:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Create an ENDPOINT enum type for use internally 2017-04-07 13:41:04 +01:00
ssl_sess.c Move the extensions context codes into the public API 2017-04-07 13:41:04 +01:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Use the new TLSv1.3 certificate_required alert where appropriate 2017-03-10 15:33:31 +00:00
t1_lib.c Don't fail the connection in SSLv3 if server selects ECDHE 2017-04-24 16:15:40 +01:00
t1_trce.c Add TLSv1.3 draft-19 messages to trace 2017-03-16 13:16:51 -04:00
tls13_enc.c Fix minor compiler issues. 2017-04-19 12:51:08 -04:00
tls_srp.c Indent ssl/ 2016-08-18 14:02:29 +02:00