Back to bug 1025598

Who When What Removed Added
Hubert Kario 2013-11-01 11:48:50 UTC QA Contact qe-baseos-security hkario
Tomas Mraz 2013-11-04 15:31:09 UTC Status NEW MODIFIED
Fixed In Version openssl-1.0.1e-16.el6
errata-xmlrpc 2013-11-04 15:58:23 UTC Status MODIFIED ON_QA
Tomas Mraz 2013-11-05 13:51:43 UTC Fixed In Version openssl-1.0.1e-16.el6 openssl-1.0.1e-16.el6_5
Tomas Mraz 2013-11-06 16:25:45 UTC Doc Text Cause:
The TLS client as implemented by OpenSSL in the RHEL-6.5 update advertised support for elliptic cryptography curves that were not really supported when it was connecting to a TLS server.
Consequence:
Server then could choose unsupported elliptic curve and client would not be able to communicate with the server over the TLS.

Fix:
OpenSSL TLS client now advertises only the curves that are supported by it.
Result:
TLS communication with server that uses also curves that are not supported by the RHEL OpenSSL TLS client can be established.
Jana Heves 2013-11-07 16:01:55 UTC CC jsvarova
Doc Text Cause:
The TLS client as implemented by OpenSSL in the RHEL-6.5 update advertised support for elliptic cryptography curves that were not really supported when it was connecting to a TLS server.
Consequence:
Server then could choose unsupported elliptic curve and client would not be able to communicate with the server over the TLS.

Fix:
OpenSSL TLS client now advertises only the curves that are supported by it.
Result:
TLS communication with server that uses also curves that are not supported by the RHEL OpenSSL TLS client can be established.
Prior to this update, the Transport Layer Security (TLS) client advertised support for some elliptic curves that are not supported by it. As a consequence, server could choose unsupported elliptic curve and client would not be able to communicate with the server over the TLS. With this update, OpenSSL TLS client advertises only the curves that are supported by it, and TLS communication with server (using also curves not supported by the Red Hat Enterprise Linux OpenSSL TLS client) can now be established.
Christian Horn 2013-11-12 13:34:57 UTC CC chorn, ltroan
errata-xmlrpc 2013-11-12 15:24:09 UTC Status ON_QA VERIFIED
errata-xmlrpc 2013-11-21 00:05:24 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2013-11-22 00:25:47 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2013-11-21 19:25:47 UTC
Christian Horn 2013-12-26 11:56:15 UTC Link ID Red Hat Knowledge Base (Solution) 655233
Miloslav Trmač 2018-12-04 12:36:46 UTC CC mitr

Back to bug 1025598