components/ejabberd/patches/001-no-sslv3.patch
author Stefan Teleman <stefan.teleman@oracle.com>
Tue, 17 Nov 2015 12:35:41 -0800
changeset 5099 a14d6941c0c9
parent 4613 9c99af0be85c
permissions -rw-r--r--
PSARC/2015/404 ISL v0.12.2: Integer Set Library 21459198 introduce ISL in Solaris

#
# disable SSLv3 support as it is not entirely secure.
#
--- ejabberd-2.1.13/src/tls/tls_drv.c.orig	Thu Jul  9 11:46:50 2015
+++ ejabberd-2.1.13/src/tls/tls_drv.c	Thu Jul  9 11:52:03 2015
@@ -44,7 +44,7 @@
 #define SSL_OP_NO_TICKET 0
 #endif
 
-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
+#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3"
 
 /*
  * R15B changed several driver callbacks to use ErlDrvSizeT and
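Review bot: The `!SSLv3` added to `CIPHERS` does not switch off the SSLv3 protocol; in an OpenSSL cipher string that keyword names the cipher suites first defined for SSLv3, which are the same suites TLS 1.0 and TLS 1.1 negotiate. With them excluded only the TLS 1.2-only suites remain, so peers that cannot speak TLS 1.2 will likely fail the handshake even though those protocol versions stay enabled. The protocol itself is already refused by `SSL_OP_NO_SSLv3` in the `SSL_CTX_set_options` hunk, so the define can stay `#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"`; if a TLS 1.2-only server is intended, a comment above the define should say so. The `SSL_CTX_set_cipher_list(ctx, CIPHERS)` call in that later hunk also ignores its return value, so a cipher string that matches nothing would go unnoticed; `res = SSL_CTX_set_cipher_list(ctx, CIPHERS); die_unless(res > 0, "SSL_CTX_set_cipher_list failed");` would match the checks just above it.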
@@ -440,7 +440,7 @@
 	    res = SSL_CTX_check_private_key(ctx);
 	    die_unless(res > 0, "SSL_CTX_check_private_key failed");
 
-	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
+	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
 
 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);