Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.4153
openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package compat-openssl098.4153
Index: openssl-0.9.8j/ssl/ssl_lib.c =================================================================== --- openssl-0.9.8j.orig/ssl/ssl_lib.c 2016-02-26 14:03:36.256178000 +0100 +++ openssl-0.9.8j/ssl/ssl_lib.c 2016-02-26 14:03:38.248196881 +0100 @@ -1612,6 +1612,10 @@ */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */ + if (!getenv("OPENSSL_ALLOW_SSL2")) + ret->options |= SSL_OP_NO_SSLv2; + #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO Index: openssl-0.9.8j/ssl/ssl_ciph.c =================================================================== --- openssl-0.9.8j.orig/ssl/ssl_ciph.c 2016-02-26 14:03:36.256178000 +0100 +++ openssl-0.9.8j/ssl/ssl_ciph.c 2016-02-26 14:03:38.248196881 +0100 @@ -512,6 +512,7 @@ { int i, co_list_num; SSL_CIPHER *c; + int support_export = !!getenv("OPENSSL_ALLOW_EXPORT"); /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -527,12 +528,11 @@ c = ssl_method->get_cipher(i); #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) /* drop those that use any of that is not available */ + if ((c != NULL) && c->valid && !IS_MASKED(c) && #ifdef OPENSSL_FIPS - if ((c != NULL) && c->valid && !IS_MASKED(c) - && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) -#else - if ((c != NULL) && c->valid && !IS_MASKED(c)) + (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && #endif + (!(c->algo_strength & SSL_EXPORT) || support_export)) { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
