author | Rich Burridge <rich.burridge@oracle.com> |
Thu, 23 Apr 2015 10:43:16 -0700 | |
branch | s11-update |
changeset 4176 | c6596428da8d |
permissions | -rw-r--r-- |
4176
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability". |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
|
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
3 |
This change has been passed upstream. |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
|
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
5 |
--- lynx2-8-7/WWW/Library/Implementation/HTTP.c.orig 2015-01-29 08:30:29.185065523 -0800 |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
6 |
+++ lynx2-8-7/WWW/Library/Implementation/HTTP.c 2015-01-29 08:48:49.143858796 -0800 |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
7 |
@@ -123,6 +123,8 @@ |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
8 |
SSLeay_add_ssl_algorithms(); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
ssl_ctx = SSL_CTX_new(SSLv23_client_method()); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
11 |
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
13 |
SSL_CTX_set_default_verify_paths(ssl_ctx); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
14 |
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback); |
c6596428da8d
20231097 problem in UTILITY/LYNX
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
15 |
#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */ |