--- /dev/null
+diff -dur ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c
+--- ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c 2013-07-17 13:50:12.000000000 +0200
++++ ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c 2013-11-16 15:29:02.705022418 +0100
+@@ -44,7 +44,7 @@
+ #define SSL_OP_NO_TICKET 0
+ #endif
+
+-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
++#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!3DES"
+
+ /*
+ * R15B changed several driver callbacks to use ErlDrvSizeT and
+@@ -490,11 +490,11 @@
+ SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
+
+ if (command == SET_CERTIFICATE_FILE_ACCEPT) {
+- SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET|SSL_OP_ALL);
++ SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_ALL);
+
+ SSL_set_accept_state(d->ssl);
+ } else {
+- SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
++ SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+ SSL_set_connect_state(d->ssl);
+ }
+ break;
# Conditional build:
%bcond_with pam # PAM authentication support
%bcond_with logdb # enable mod_logdb (server-side message logging)
+%bcond_with weaker_crypto # enable SSLv3
Summary: Fault-tolerant distributed Jabber/XMPP server
Summary(pl.UTF-8): Odporny na awarie rozproszony serwer Jabbera/XMPP
#Patch2: %{name}-vcard-access-get.patch
# http://www.dp.uz.gov.ua/o.palij/mod_logdb/patch-mod_logdb-2.1.12.diff
Patch3: %{name}-mod_logdb.patch
+Patch4: %{name}-no_sslv3_or_3des.patch
URL: http://www.ejabberd.im/
BuildRequires: autoconf
BuildRequires: automake
%if %{with logdb}
%patch3 -p0
%endif
+%if %{without weaker_crypto}
+%patch4 -p1
+%endif
# Various parts of the build system use 'git describe'
# which returns nonsense on manual builds using the builder script