New release of OpenSSL fixes the following bug:
Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.
- master: https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
- 0.9.8: https://github.com/openssl/openssl/commit/e42a2abadc90664e2615dc63ba7f79cf163f780a
- 1.0.1: https://github.com/openssl/openssl/commit/ef28c6d6767a6a30df5add36171894c96628fe98
Upstream commit that looks to fix the problem:
I am not sure whether this affects also the ephemeral DH ciphersuites or not. The patch adds the requirement for ServerKeyExchange message for ephemeral DH as well.
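Added illustration, not OpenSSL's code: a minimal model of the client-side check that the bug description above calls for (and that the comment above says the patch extends to ephemeral DH). It parses a constructed TLS 1.2 server flight and refuses ServerHelloDone when the negotiated suite is DHE or ECDHE but no ServerKeyExchange was seen. The ciphersuite table holds a few real IANA code points classified by key exchange; the flights, the dummy certificate and the key-exchange body are constructed here and carry no real key material.

```python
# Added illustration (not OpenSSL code): model of the check a TLS 1.2 client must
# make before accepting ServerHelloDone. Ciphersuite table and sample flights are
# constructed for this example.

HS_SERVER_HELLO = 2
HS_CERTIFICATE = 11
HS_SERVER_KEY_EXCHANGE = 12
HS_SERVER_HELLO_DONE = 14

# A few real IANA ciphersuite codes, classified by key exchange.
# Only the ephemeral (DHE / ECDHE) suites require a ServerKeyExchange message.
CIPHERSUITES = {
    0x002F: "RSA",    # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0033: "DHE",    # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0xC004: "ECDH",   # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (static ECDH)
    0xC013: "ECDHE",  # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    0xC02F: "ECDHE",  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}
EPHEMERAL = {"DHE", "ECDHE"}


class HandshakeError(Exception):
    """Raised when the server's flight must be rejected."""


def parse_handshake_messages(data):
    """Split a handshake flight into (msg_type, body) pairs.
    Each message is HandshakeType(1) | length(3) | body (RFC 5246, 7.4)."""
    msgs = []
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise HandshakeError("truncated handshake header")
        msg_type = data[off]
        length = int.from_bytes(data[off + 1:off + 4], "big")
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise HandshakeError("truncated handshake body")
        msgs.append((msg_type, body))
        off += 4 + length
    return msgs


def negotiated_kex(server_hello_body):
    """Read the selected ciphersuite out of a ServerHello body:
    version(2) | random(32) | session_id<0..32> | cipher_suite(2) | ..."""
    sid_len = server_hello_body[34]
    pos = 35 + sid_len
    suite = int.from_bytes(server_hello_body[pos:pos + 2], "big")
    kex = CIPHERSUITES.get(suite)
    if kex is None:
        raise HandshakeError("unknown ciphersuite 0x%04x" % suite)
    return suite, kex


def check_server_flight(data):
    """Walk the server's first flight and, at ServerHelloDone, enforce that an
    ephemeral suite came with a ServerKeyExchange. Returns (kex, saw_ske)."""
    kex = None
    saw_ske = False
    for msg_type, body in parse_handshake_messages(data):
        if msg_type == HS_SERVER_HELLO:
            _, kex = negotiated_kex(body)
        elif msg_type == HS_SERVER_KEY_EXCHANGE:
            saw_ske = True
        elif msg_type == HS_SERVER_HELLO_DONE:
            if kex is None:
                raise HandshakeError("ServerHelloDone before ServerHello")
            if kex in EPHEMERAL and not saw_ske:
                raise HandshakeError(
                    "%s suite negotiated but ServerKeyExchange was omitted" % kex)
            return kex, saw_ske
    raise HandshakeError("flight ended without ServerHelloDone")


# --- constructed sample flights (no real certificate or key material) ---

def hs_msg(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def server_hello(suite):
    # TLS 1.2, all-zero dummy random, empty session id, chosen suite, null compression
    return hs_msg(HS_SERVER_HELLO,
                  b"\x03\x03" + b"\x00" * 32 + b"\x00"
                  + suite.to_bytes(2, "big") + b"\x00")


def sample_flight(suite, with_ske):
    msgs = [server_hello(suite), hs_msg(HS_CERTIFICATE, b"\x00\x00\x00")]
    if with_ske:
        msgs.append(hs_msg(HS_SERVER_KEY_EXCHANGE, b"dummy-params"))
    msgs.append(hs_msg(HS_SERVER_HELLO_DONE))
    return b"".join(msgs)


if __name__ == "__main__":
    print(check_server_flight(sample_flight(0xC013, True)))   # ('ECDHE', True)
    try:
        check_server_flight(sample_flight(0xC013, False))
    except HandshakeError as e:
        print("rejected:", e)
```

The decision is taken at ServerHelloDone rather than when the Certificate arrives, because that is the first point at which the client knows the server has finished its flight; a static RSA or static ECDH suite legitimately has no ServerKeyExchange, so the rule is keyed on the negotiated suite, not on the message's mere absence.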
This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2015:0066 https://rhn.redhat.com/errata/RHSA-2015-0066.html