20231112 problem in SERVICE/EJABBERD
authorNorm Jacobs <Norm.Jacobs@Oracle.COM>
Thu, 09 Jul 2015 13:47:36 -0700
changeset 4613 9c99af0be85c
parent 4612 a90827a85af0
child 4616 eeaf5255cb21
20231112 problem in SERVICE/EJABBERD
components/ejabberd/patches/001-no-sslv3.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ejabberd/patches/001-no-sslv3.patch	Thu Jul 09 13:47:36 2015 -0700
@@ -0,0 +1,23 @@
+#
+# disable SSLv3 support as it is not entirely secure.
+#
+--- ejabberd-2.1.13/src/tls/tls_drv.c.orig	Thu Jul  9 11:46:50 2015
++++ ejabberd-2.1.13/src/tls/tls_drv.c	Thu Jul  9 11:52:03 2015
[email protected]@ -44,7 +44,7 @@
+ #define SSL_OP_NO_TICKET 0
+ #endif
+ 
+-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
++#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3"
+ 
+ /*
+  * R15B changed several driver callbacks to use ErlDrvSizeT and
[email protected]@ -440,7 +440,7 @@
+ 	    res = SSL_CTX_check_private_key(ctx);
+ 	    die_unless(res > 0, "SSL_CTX_check_private_key failed");
+ 
+-	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
++	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+ 
+ 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);
+