# HG changeset patch
# User Norm Jacobs <Norm.Jacobs@Oracle.COM>
# Date 1436474904 25200
# Node ID 0949962e86d73127af9c3d139fb7a769fbe86145
# Parent  4f32e4d4bbeec0d2294698f202a3682b35136d2c
20231112 problem in SERVICE/EJABBERD

diff -r 4f32e4d4bbee -r 0949962e86d7 components/ejabberd/patches/001-no-sslv3.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ejabberd/patches/001-no-sslv3.patch	Thu Jul 09 13:48:24 2015 -0700
@@ -0,0 +1,23 @@
+#
+# disable SSLv3 support as it is not entirely secure.
+#
+--- ejabberd-2.1.13/src/tls/tls_drv.c.orig	Thu Jul  9 11:46:50 2015
++++ ejabberd-2.1.13/src/tls/tls_drv.c	Thu Jul  9 11:52:03 2015
+@@ -44,7 +44,7 @@
+ #define SSL_OP_NO_TICKET 0
+ #endif
+ 
+-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
++#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3"
+ 
+ /*
+  * R15B changed several driver callbacks to use ErlDrvSizeT and
+@@ -440,7 +440,7 @@
+ 	    res = SSL_CTX_check_private_key(ctx);
+ 	    die_unless(res > 0, "SSL_CTX_check_private_key failed");
+ 
+-	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
++	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+ 
+ 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);
+