[Pkg-openssl-devel] Bug#807057: Incorrect PRF used by tls1_export_keying_material() with TLS 1.2
Tobias Brunner
tobias at strongswan.org
Fri Dec 4 17:16:28 UTC 2015
Package: libssl1.0.0
Version: 1.0.1e-2+deb7u18
When calling tls1_PRF() tls1_export_keying_material() directly passes
the value of algorithm2 instead of using ssl_get_algorithm2(), which
overrides the default PRF algorithm when TLS 1.2 is used. Therefore,
the keying material is actually derived using the old PRF (combination
of MD5/SHA1), which breaks e.g. EAP-TLS with newer versions of FreeRADIUS.
The problem is corrected in later versions of OpenSSL. The fix can be
found at [1].
Regards,
Tobias
[1]
https://github.com/openssl/openssl/commit/4fdf91742e3b7eb73e41b38d8d5b2f17d4d5b544
More information about the Pkg-openssl-devel
mailing list