equal
deleted
inserted
replaced
1 Disable SSLv2 and SSLv3 in elinks to "mitigate POODLE vulnerability". |
1 Disable SSLv2 and SSLv3 in links to "mitigate POODLE vulnerability". |
2 |
2 |
3 This change will be passed upstream. |
3 This change will be passed upstream. |
4 |
4 |
5 --- links-1.03/https.c.orig 2014-12-17 15:47:04.315785336 -0800 |
5 --- https.c.orig 2015-01-13 06:51:50.062449801 -0800 |
6 +++ links-1.03/https.c 2015-01-06 13:08:06.766439550 -0800 |
6 +++ https.c 2015-01-13 06:52:03.963799972 -0800 |
7 @@ -41,6 +41,7 @@ |
7 @@ -63,6 +63,7 @@ |
8 SSLeay_add_ssl_algorithms(); |
8 context = SSL_CTX_new((void *)m); |
9 context = SSL_CTX_new(SSLv23_client_method()); |
9 if (!context) return NULL; |
10 SSL_CTX_set_options(context, SSL_OP_ALL); |
10 SSL_CTX_set_options(context, SSL_OP_ALL); |
11 + SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
11 + SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
12 SSL_CTX_set_default_verify_paths(context); |
12 SSL_CTX_set_default_verify_paths(context); |
13 /* needed for systems without /dev/random, but obviously kills security. */ |
13 |
14 /*{ |
14 } |