--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/cinder/patches/08-disable-sslv3.patch Fri Aug 14 15:36:22 2015 -0400
@@ -0,0 +1,27 @@
+In-house patch to disable SSLv3 support.
+(See also upstream bug #1395095)
+
+--- cinder-2014.2.2/cinder/openstack/common/sslutils.py.orig 2015-02-05 11:03:26.000000000 -0500
++++ cinder-2014.2.2/cinder/openstack/common/sslutils.py 2015-08-13 20:27:21.205921362 -0400
+@@ -80,8 +80,7 @@
+
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv23
+ }
+
+ try:
+@@ -89,6 +88,11 @@
+ except AttributeError:
+ pass
+
++try:
++ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
++except AttributeError:
++ pass
++
+
+ def validate_ssl_version(version):
+ key = version.lower()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/heat/patches/08-disable-sslv3.patch Fri Aug 14 15:36:22 2015 -0400
@@ -0,0 +1,27 @@
+In-house patch to disable SSLv3 support.
+(See also upstream bug #1395095)
+
+--- heat-2014.2.2/heat/openstack/common/sslutils.py.orig 2015-08-13 21:04:04.591411191 -0400
++++ heat-2014.2.2/heat/openstack/common/sslutils.py 2015-08-13 20:32:57.198138070 -0400
+@@ -77,8 +77,7 @@
+
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv2
+ }
+
+ try:
+@@ -86,6 +85,11 @@
+ except AttributeError:
+ pass
+
++try:
++ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
++except AttributeError:
++ pass
++
+
+ def validate_ssl_version(version):
+ key = version.lower()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/neutron/patches/05-disable-sslv3.patch Fri Aug 14 15:36:22 2015 -0400
@@ -0,0 +1,27 @@
+In-house patch to disable SSLv3 support.
+(See also upstream bug #1395095)
+
+--- neutron-2014.2.2/neutron/openstack/common/sslutils.py.orig 2015-08-13 21:05:44.916269265 -0400
++++ neutron-2014.2.2/neutron/openstack/common/sslutils.py 2015-08-13 20:37:57.022549534 -0400
+@@ -80,8 +80,7 @@
+
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv23
+ }
+
+ try:
+@@ -89,6 +88,11 @@
+ except AttributeError:
+ pass
+
++try:
++ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
++except AttributeError:
++ pass
++
+
+ def validate_ssl_version(version):
+ key = version.lower()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/nova/patches/08-disable-sslv3.patch Fri Aug 14 15:36:22 2015 -0400
@@ -0,0 +1,27 @@
+In-house patch to disable SSLv3 support.
+(See also upstream bug #1395095)
+
+--- nova-2014.2.2/nova/openstack/common/sslutils.py.orig 2015-08-13 21:05:03.502632113 -0400
++++ nova-2014.2.2/nova/openstack/common/sslutils.py 2015-08-13 20:37:09.223554130 -0400
+@@ -77,8 +77,7 @@
+
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv23
+ }
+
+ try:
+@@ -86,6 +85,11 @@
+ except AttributeError:
+ pass
+
++try:
++ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
++except AttributeError:
++ pass
++
+
+ def validate_ssl_version(version):
+ key = version.lower()
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/oslo.messaging/patches/01-disable-sslv3.patch Fri Aug 14 15:36:22 2015 -0400
@@ -0,0 +1,57 @@
+This upstream patch addresses the removal of SSLv3 (Bug# 1395095)
+
+From https://review.openstack.org/openstack/oslo.messaging
+ * branch refs/changes/78/136278/2 -> FETCH_HEAD
+From 42f55a1dda96d4ceecf8cca5fba9cd723673f6e3 Mon Sep 17 00:00:00 2001
+From: Thomas Goirand <[email protected]>
+Date: Fri, 21 Nov 2014 17:40:46 +0800
+Subject: [PATCH] Remove the use of PROTOCOL_SSLv3
+
+The PROTOCOL_SSLv3 should not be used, as it can be exploited with
+a protocol downgrade attack. Also, its support has been removed in
+Debian, so it simply doesn't work at all now in Sid.
+
+This patch removes PROTOCOL_SSLv3 from one of the possible protocols
+used by oslo.messaging.
+
+Closes-Bug: #1395095
+Change-Id: I2c1977c3bfc1923bcb03744e909f2e70c7fdb14c
+---
+ oslo/messaging/_drivers/impl_rabbit.py | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/oslo/messaging/_drivers/impl_rabbit.py b/oslo/messaging/_drivers/impl_rabbit.py
+index 939a3ce..0c786ed 100644
+--- a/oslo/messaging/_drivers/impl_rabbit.py
++++ b/oslo/messaging/_drivers/impl_rabbit.py
+@@ -41,8 +41,8 @@ rabbit_opts = [
+ cfg.StrOpt('kombu_ssl_version',
+ default='',
+ help='SSL version to use (valid only if SSL enabled). '
+- 'valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may '
+- 'be available on some distributions.'
++ 'valid values are TLSv1 and SSLv23. SSLv2 and '
++ 'SSLv3 may be available on some distributions.'
+ ),
+ cfg.StrOpt('kombu_ssl_keyfile',
+ default='',
+@@ -496,8 +496,7 @@ class Connection(object):
+ # FIXME(markmc): use oslo sslutils when it is available as a library
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv23
+ }
+
+ try:
+@@ -505,6 +504,11 @@ class Connection(object):
+ except AttributeError:
+ pass
+
++ try:
++ _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
++ except AttributeError:
++ pass
++
+ @classmethod