author | Petr Sumbera <petr.sumbera@oracle.com> |
Wed, 16 Sep 2015 01:25:52 -0700 | |
branch | s11u3-sru |
changeset 4883 | cd5ceed10e53 |
parent 4249 | bb2990b48dfc |
permissions | -rw-r--r-- |
4249
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
Patch origin: in-house |
4883
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
2 |
Patch status: unclear; so far they disable it just in configuration file |
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
3 |
|
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
4 |
https://bz.apache.org/bugzilla/show_bug.cgi?id=57120 |
4249
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
|
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
--- modules/ssl/ssl_private.h |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
+++ modules/ssl/ssl_private.h |
4883
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
8 |
@@ -244,9 +244,9 @@ |
4249
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
#define SSL_PROTOCOL_SSLV3 (1<<1) |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
#define SSL_PROTOCOL_TLSV1 (1<<2) |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
#ifdef OPENSSL_NO_SSL2 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
-#define SSL_MOST_ALL SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
+#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
#else |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
-#define SSL_MOST_ALL SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
+#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
17 |
#endif |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
#ifdef HAVE_TLSV1_X |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
#define SSL_PROTOCOL_TLSV1_1 (1<<3) |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
--- docs/manual/mod/mod_ssl.html.en |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
+++ docs/manual/mod/mod_ssl.html.en |
4883
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
22 |
@@ -1082,8 +1082,8 @@ |
4249
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
23 |
<p> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
This is the Secure Sockets Layer (SSL) protocol, version 3.0, from |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
25 |
the Netscape Corporation. |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
- It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
- almost all popular browsers.</p></li> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
+ It is the successor to SSLv2 and the predecessor to TLSv1. Though its |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
+ use has been deprecated, because of weaknesses in the security of the protocol.</p></li> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
|
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
<li><code>TLSv1</code> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
<p> |
4883
cd5ceed10e53
21479636 Upgrade Apache Web Server to version 2.2.31
Petr Sumbera <petr.sumbera@oracle.com>
parents:
4249
diff
changeset
|
33 |
@@ -1103,13 +1103,11 @@ |
4249
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
|
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
35 |
<li><code>All</code> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
36 |
<p> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
37 |
- This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' or |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
38 |
- - when using OpenSSL 1.0.1 and later - |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
39 |
- ``<code>+SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>'', respectively.</p></li> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
40 |
+ This is a shortcut for ``<code>+TLSv1 +TLSv1.1 +TLSv1.2</code>''.</p></li> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
41 |
</ul> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
42 |
<div class="example"><h3>Example</h3><p><code> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
43 |
# enable SSLv3 and all available TLSv1 flavors, but not SSLv2<br /> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
44 |
-SSLProtocol All -SSLv2 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
45 |
+SSLProtocol All +SSLv3 |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
46 |
</code></p></div> |
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
47 |
|
bb2990b48dfc
20813188 problem in UTILITY/APACHE
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
48 |
</div> |