author | Mike Sullivan <Mike.Sullivan@Oracle.COM> |
Thu, 08 Oct 2015 23:00:32 -0700 | |
changeset 4929 | 29020dc0c404 |
parent 3886 | 23032290b95a |
permissions | -rw-r--r-- |
3705
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability". |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
|
3886
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
3 |
This change has been passed upstream. |
3705
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
|
3886
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
5 |
--- lynx2-8-8/WWW/Library/Implementation/HTTP.c.orig 2015-02-16 12:48:34.014809453 -0800 |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
6 |
+++ lynx2-8-8/WWW/Library/Implementation/HTTP.c 2015-02-16 12:49:09.627395954 -0800 |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
7 |
@@ -119,7 +119,8 @@ |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
8 |
#else |
3705
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
SSLeay_add_ssl_algorithms(); |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
ssl_ctx = SSL_CTX_new(SSLv23_client_method()); |
3886
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
11 |
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); |
3705
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ |
3886
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
13 |
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
14 |
#ifdef SSL_OP_NO_COMPRESSION |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
15 |
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); |
23032290b95a
20555289 lynx should be updated to version 2.8.8
Rich Burridge <rich.burridge@oracle.com>
parents:
3705
diff
changeset
|
16 |
#endif |