path: root/www/lynx/files/patch-CVE-2014-3566
--- WWW/Library/Implementation/HTTP.c.orig	2018-08-12 12:33:30 UTC
+++ WWW/Library/Implementation/HTTP.c
@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void)
 #else
 	SSLeay_add_ssl_algorithms();
 	if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) {
-#ifdef SSL_OP_NO_SSLv2
-	    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
-#else
-	    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
-#endif
+		/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
+	    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #ifdef SSL_OP_NO_COMPRESSION
 	    SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
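Review bot: The new `SSL_CTX_set_options` call in the `#else` branch sets the protocol floor with per-version opt-out bits, which leaves TLS 1.0 and 1.1 negotiable and has to be extended by hand for each retired version. Since this branch already calls `TLS_client_method()`, a single explicit floor is clearer and its result can be checked: `if (!SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION)) { /* treat as context setup failure */ }`, with the constant raised if policy allows. The branch before `#else` is outside the hunk, so it is worth confirming that it disables SSLv3 as well; otherwise the mitigation depends on build configuration. The added comment would read better if it named the issue directly, e.g. `/* Disable SSLv2 and SSLv3 (POODLE, CVE-2014-3566). */`, indented like the call below it. HTGetSSLHandle starts and ends outside the hunk.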