Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
openssl.28540
openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package openssl.28540
Index: openssl-1.0.2g/ssl/ssl_lib.c =================================================================== --- openssl-1.0.2g.orig/ssl/ssl_lib.c 2016-04-18 18:06:24.688145088 +0200 +++ openssl-1.0.2g/ssl/ssl_lib.c 2016-04-18 18:08:53.774417679 +0200 @@ -2054,12 +2054,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - /* - * Disable SSLv2 by default, callers that want to enable SSLv2 will have to - * explicitly clear this option via either of SSL_CTX_clear_options() or - * SSL_clear_options(). - */ - ret->options |= SSL_OP_NO_SSLv2; + /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */ + if (!getenv("OPENSSL_ALLOW_SSL2")) + ret->options |= SSL_OP_NO_SSLv2; return (ret); err:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor