upstream/oracle/userland-gate: components/apache2/patches/no_ssl2_and

4249 bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	1	Patch origin: in-house
4883 cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	2	Patch status: unclear; so far they disable it just in configuration file
cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	3
cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	4	https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
4249 bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	5
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	6	--- modules/ssl/ssl_private.h
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	7	+++ modules/ssl/ssl_private.h
4883 cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	8	@@ -244,9 +244,9 @@
4249 bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	9	#define SSL_PROTOCOL_SSLV3 (1<<1)
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	10	#define SSL_PROTOCOL_TLSV1 (1<<2)
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	11	#ifdef OPENSSL_NO_SSL2
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	12	-#define SSL_MOST_ALL SSL_PROTOCOL_SSLV3\|SSL_PROTOCOL_TLSV1
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	13	+#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	14	#else
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	15	-#define SSL_MOST_ALL SSL_PROTOCOL_SSLV2\|SSL_PROTOCOL_SSLV3\|SSL_PROTOCOL_TLSV1
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	16	+#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	17	#endif
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	18	#ifdef HAVE_TLSV1_X
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	19	#define SSL_PROTOCOL_TLSV1_1 (1<<3)
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	20	--- docs/manual/mod/mod_ssl.html.en
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	21	+++ docs/manual/mod/mod_ssl.html.en
4883 cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	22	@@ -1082,8 +1082,8 @@
4249 bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	23	<p>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	24	This is the Secure Sockets Layer (SSL) protocol, version 3.0, from
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	25	the Netscape Corporation.
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	26	- It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	27	- almost all popular browsers.</p></li>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	28	+ It is the successor to SSLv2 and the predecessor to TLSv1. Though its
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	29	+ use has been deprecated, because of weaknesses in the security of the protocol.</p></li>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	30
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	31	<li><code>TLSv1</code>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	32	<p>
4883 cd5ceed10e53 21479636 Upgrade Apache Web Server to version 2.2.31 Petr Sumbera <petr.sumbera@oracle.com> parents: 4249 diff changeset	33	@@ -1103,13 +1103,11 @@
4249 bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	34
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	35	<li><code>All</code>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	36	<p>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	37	- This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' or
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	38	- - when using OpenSSL 1.0.1 and later -
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	39	- ``<code>+SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>'', respectively.</p></li>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	40	+ This is a shortcut for ``<code>+TLSv1 +TLSv1.1 +TLSv1.2</code>''.</p></li>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	41	</ul>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	42	<div class="example"><h3>Example</h3><p><code>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	43	# enable SSLv3 and all available TLSv1 flavors, but not SSLv2<br />
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	44	-SSLProtocol All -SSLv2
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	45	+SSLProtocol All +SSLv3
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	46	</code></p></div>
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	47
bb2990b48dfc 20813188 problem in UTILITY/APACHE Petr Sumbera <petr.sumbera@oracle.com> parents: diff changeset	48	</div>

author	Petr Sumbera <petr.sumbera@oracle.com>
	Wed, 16 Sep 2015 01:25:52 -0700
branch	s11u3-sru
changeset 4883	cd5ceed10e53
parent 4249	bb2990b48dfc
permissions	-rw-r--r--