]> git.pld-linux.org Git - packages/ejabberd.git/blame - ejabberd-no_sslv3_or_3des.patch
projects / packages / ejabberd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- rel 3; stop_kindly is too annoying for users
[packages/ejabberd.git] / ejabberd-no_sslv3_or_3des.patch
CommitLineData
5e08a6fd
JK		 1--- ejabberd-13.12/deps/p1_tls/c_src/p1_tls_drv.c.orig 2013-12-23 22:55:13.000000000 +0100
2+++ ejabberd-13.12/deps/p1_tls/c_src/p1_tls_drv.c 2014-03-13 14:21:50.000000000 +0100
3@@ -47,7 +47,7 @@
c4f8aa56
JK		 4 #define SSL_OP_NO_TICKET 0
5 #endif
6
5e08a6fd
JK		 7-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"
8+#define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2:!3DES"
c4f8aa56
JK		 9
10 /*
11 * R15B changed several driver callbacks to use ErlDrvSizeT and
c6f5b587 12@@ -548,13 +548,13 @@ static ErlDrvSSizeT tls_drv_control(ErlD
c4f8aa56
JK		 13 SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
14
15 if (command == SET_CERTIFICATE_FILE_ACCEPT) {
c6f5b587
AM		 16- options |= (SSL_OP_NO_TICKET|SSL_OP_ALL|SSL_OP_NO_SSLv2);
17+ options |= (SSL_OP_NO_TICKET|SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
18
19 SSL_set_options(d->ssl, options);
c4f8aa56
JK		 20
21 SSL_set_accept_state(d->ssl);
22 } else {
c6f5b587
AM		 23- options |= (SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2);
24+ options |= (SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
25
26 SSL_set_options(d->ssl, options);
27
28
Fault-tolerant distributed Jabber/XMPP server
This page took 0.041734 seconds and 4 git commands to generate.