Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lynx/patches/02-init-openssl.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Wed, 05 Aug 2015 10:48:38 -0700
changeset 4742 8f6fdd91de07
parent 3886 23032290b95a
permissions -rw-r--r--
15802265 SUNBT7182198 include r programming language in solaris (disable parfait)

Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".

This change has been passed upstream.

--- lynx2-8-8/WWW/Library/Implementation/HTTP.c.orig	2015-02-16 12:48:34.014809453 -0800
+++ lynx2-8-8/WWW/Library/Implementation/HTTP.c	2015-02-16 12:49:09.627395954 -0800
@@ -119,7 +119,8 @@
 #else
 	SSLeay_add_ssl_algorithms();
 	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+	/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #ifdef SSL_OP_NO_COMPRESSION
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
upstream/oracle/userland-gate