ejabberd-no_sslv3_or_3des.patch

   1 --- a/deps/fast_tls/c_src/fast_tls_drv.c~       2016-07-08 11:19:35.000000000 +0200
   2 +++ b/deps/fast_tls/c_src/fast_tls_drv.c        2016-08-04 16:52:34.323491442 +0200
   3 @@ -56,7 +56,7 @@ typedef unsigned __int32 uint32_t;
   4  #define SSL_OP_NO_TICKET 0
   5  #endif
   6
   7 -#define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"
   8 +#define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2:!3DES"
   9
  10  /* Wrappers around driver_alloc() that check  */
  11  /* for OOM.                                   */
  12 @@ -711,13 +711,13 @@ static ErlDrvSSizeT tls_drv_control(ErlD
  13          SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
  14
  15          if (command == SET_CERTIFICATE_FILE_ACCEPT) {
  16 -           options |= (SSL_OP_NO_TICKET|SSL_OP_ALL|SSL_OP_NO_SSLv2);
  17 +           options |= (SSL_OP_NO_TICKET|SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
  18
  19             SSL_set_options(d->ssl, options);
  20
  21             SSL_set_accept_state(d->ssl);
  22          } else {
  23 -           options |= (SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2);
  24 +           options |= (SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
  25
  26             SSL_set_options(d->ssl, options);
  27
  28