[ipfire-2.x.git] / src / patches / openssl-disable-sslv2-sslv3.patch

diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c\r
--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3	2014-06-11 16:02:52.000000000 +0200\r
+++ openssl-1.0.1h/ssl/ssl_lib.c	2014-06-30 14:18:04.290248080 +0200\r
@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m\r
 	 */\r
 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;\r
 \r
+	/* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */\r
+	ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;\r
+\r
 	return(ret);\r
 err:\r
 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);\r
Commit	Line	Data
d0bd5afe MT	1	diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c\r
	2	--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200\r
	3	+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200\r
	4	@@ -1875,6 +1875,9 @@ SSL_CTX SSL_CTX_new(const SSL_METHOD m\r
	5	*/\r
	6	ret->options \|= SSL_OP_LEGACY_SERVER_CONNECT;\r
	7	\r
	8	+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */\r
	9	+ ret->options \|= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3;\r
	10	+\r
	11	return(ret);\r
	12	err:\r
	13	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);\r