Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/ejabberd/patches/001-no-sslv3.patch
changeset 4613 9c99af0be85c 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ejabberd/patches/001-no-sslv3.patch	Thu Jul 09 13:47:36 2015 -0700
@@ -0,0 +1,23 @@
+#
+# disable SSLv3 support as it is not entirely secure.
+#
+--- ejabberd-2.1.13/src/tls/tls_drv.c.orig	Thu Jul  9 11:46:50 2015
++++ ejabberd-2.1.13/src/tls/tls_drv.c	Thu Jul  9 11:52:03 2015
+@@ -44,7 +44,7 @@
+ #define SSL_OP_NO_TICKET 0
+ #endif
+ 
+-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
++#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3"
+ 
+ /*
+  * R15B changed several driver callbacks to use ErlDrvSizeT and
+@@ -440,7 +440,7 @@
+ 	    res = SSL_CTX_check_private_key(ctx);
+ 	    die_unless(res > 0, "SSL_CTX_check_private_key failed");
+ 
+-	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
++	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+ 
+ 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);
+
upstream/oracle/userland-gate