In-house patch to disable SSLv3 support.
(See also upstream bug #1395095)
--- heat-2014.2.2/heat/openstack/common/sslutils.py.orig 2015-08-13 21:04:04.591411191 -0400
+++ heat-2014.2.2/heat/openstack/common/sslutils.py 2015-08-13 20:32:57.198138070 -0400
@@ -77,8 +77,7 @@
_SSL_PROTOCOLS = {
"tlsv1": ssl.PROTOCOL_TLSv1,
- "sslv23": ssl.PROTOCOL_SSLv23,
- "sslv3": ssl.PROTOCOL_SSLv3
+ "sslv23": ssl.PROTOCOL_SSLv2
}
try:
@@ -86,6 +85,11 @@
except AttributeError:
pass
+try:
+ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
+except AttributeError:
+ pass
+
def validate_ssl_version(version):
key = version.lower()