20231097 problem in UTILITY/LYNX s11-update
authorRich Burridge <rich.burridge@oracle.com>
Thu, 23 Apr 2015 10:43:16 -0700
branchs11-update
changeset 4176 c6596428da8d
parent 4175 a6869c2101fe
child 4177 403051808966
20231097 problem in UTILITY/LYNX
components/lynx/patches/02-init-openssl.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lynx/patches/02-init-openssl.patch	Thu Apr 23 10:43:16 2015 -0700
@@ -0,0 +1,15 @@
+Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".
+
+This change has been passed upstream.
+
+--- lynx2-8-7/WWW/Library/Implementation/HTTP.c.orig	2015-01-29 08:30:29.185065523 -0800
++++ lynx2-8-7/WWW/Library/Implementation/HTTP.c	2015-01-29 08:48:49.143858796 -0800
[email protected]@ -123,6 +123,8 @@
+ 	SSLeay_add_ssl_algorithms();
+ 	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ 	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
++	/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ 	SSL_CTX_set_default_verify_paths(ssl_ctx);
+ 	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback);
+#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */