| author | Norm Jacobs <Norm.Jacobs@Oracle.COM> |
| Thu, 09 Jul 2015 13:47:36 -0700 | |
| changeset 4613 | 9c99af0be85c |
| permissions | -rw-r--r-- |
|
4613
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
1 |
# |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
2 |
# disable SSLv3 support as it is not entirely secure. |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
3 |
# |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
4 |
--- ejabberd-2.1.13/src/tls/tls_drv.c.orig Thu Jul 9 11:46:50 2015 |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
5 |
+++ ejabberd-2.1.13/src/tls/tls_drv.c Thu Jul 9 11:52:03 2015 |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
6 |
@@ -44,7 +44,7 @@ |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
7 |
#define SSL_OP_NO_TICKET 0 |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
8 |
#endif |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
9 |
|
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
10 |
-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2" |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
11 |
+#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3" |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
12 |
|
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
13 |
/* |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
14 |
* R15B changed several driver callbacks to use ErlDrvSizeT and |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
15 |
@@ -440,7 +440,7 @@ |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
16 |
res = SSL_CTX_check_private_key(ctx); |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
17 |
die_unless(res > 0, "SSL_CTX_check_private_key failed"); |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
18 |
|
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
19 |
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
20 |
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET); |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
21 |
|
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
22 |
SSL_CTX_set_cipher_list(ctx, CIPHERS); |
|
9c99af0be85c
20231112 problem in SERVICE/EJABBERD
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
diff
changeset
|
23 |