webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 09:48:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssl: Disable SSLv3 and SSLv2 by default

Browse Source 
This patch will disable SSLv3 and SSLv2 by default but leaves
the protocol compiled in into the library so that applications
can use it when they still need it (e.g. sslscan).
This commit is contained in:
Michael Tremer
2015-03-12 12:55:40 +01:00
parent 33bfe91f5b
commit d0bd5afe1b
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/patches/openssl-disable-sslv2-sslv3.patch Normal file
View File

@@ -0,0 +1,13 @@
diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200
+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200
@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);