]> git.pld-linux.org Git - packages/ejabberd.git/blob - ejabberd-no_sslv3_or_3des.patch
projects / packages / ejabberd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Disable SSLv3 and 3DES ciphers
[packages/ejabberd.git] / ejabberd-no_sslv3_or_3des.patch
1 diff -dur ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c
2 --- ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c  2013-07-17 13:50:12.000000000 +0200
3 +++ ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c       2013-11-16 15:29:02.705022418 +0100
4 @@ -44,7 +44,7 @@
5  #define SSL_OP_NO_TICKET 0
6  #endif
7  
8 -#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
9 +#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!3DES"
10  
11  /*
12   * R15B changed several driver callbacks to use ErlDrvSizeT and
13 @@ -490,11 +490,11 @@
14          SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
15  
16          if (command == SET_CERTIFICATE_FILE_ACCEPT) {
17 -           SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET|SSL_OP_ALL);
18 +           SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_ALL);
19  
20             SSL_set_accept_state(d->ssl);
21          } else {
22 -           SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
23 +           SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
24             SSL_set_connect_state(d->ssl);
25          }
26          break;
Fault-tolerant distributed Jabber/XMPP server
This page took 0.030986 seconds and 3 git commands to generate.