Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lighttpd/patches/02-sslv3-disable.patch
changeset 5738 fc0e1d002c9e
parent 4349 c997b59f70f0
child 7006 eb24eb49f7c4 
--- a/components/lighttpd/patches/02-sslv3-disable.patch	Thu Apr 07 01:49:33 2016 -0700
+++ b/components/lighttpd/patches/02-sslv3-disable.patch	Tue Apr 05 05:41:03 2016 -0700
@@ -1,16 +1,16 @@
 Patch origin: in-house
-Patch status: submitted to upstream
+Patch status: Not suitable for upstream.
 
-http://redmine.lighttpd.net/issues/2647
+Always disable SSLv3 and don't allow to enable it ever again.
 
---- src/configfile.c
-+++ src/configfile.c
-@@ -182,7 +182,7 @@
- 		s->ssl_honor_cipher_order = 1;
- 		s->ssl_empty_fragments = 0;
- 		s->ssl_use_sslv2 = 0;
--		s->ssl_use_sslv3 = 1;
-+		s->ssl_use_sslv3 = 0;
- 		s->use_ipv6      = 0;
- 		s->set_v6only    = 1;
- 		s->defer_accept  = 0;
+--- src/network.c
++++ src/network.c
+@@ -780,7 +780,7 @@
+ 			}
+ 		}
+ 
+-		if (!s->ssl_use_sslv3) {
++		if (1) {
+ 			/* disable SSLv3 */
+ 			if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
upstream/oracle/userland-gate