Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
openssl
openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package openssl
Index: openssl-1.0.1i/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1i.orig/ssl/ssl_lib.c 2016-02-25 12:52:30.918424138 +0100 +++ openssl-1.0.1i/ssl/ssl_lib.c 2016-02-25 12:52:35.458507117 +0100 @@ -1886,6 +1886,10 @@ ret->wbuf_freelist->len = 0; ret->wbuf_freelist->head = NULL; #endif + /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */ + if (!getenv("OPENSSL_ALLOW_SSL2")) + ret->options |= SSL_OP_NO_SSLv2; + #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO Index: openssl-1.0.1i/ssl/ssl_ciph.c =================================================================== --- openssl-1.0.1i.orig/ssl/ssl_ciph.c 2016-02-25 12:52:30.918424138 +0100 +++ openssl-1.0.1i/ssl/ssl_ciph.c 2016-02-25 12:52:35.458507117 +0100 @@ -790,6 +790,7 @@ { int i, co_list_num; const SSL_CIPHER *c; + int support_export = !!getenv("OPENSSL_ALLOW_EXPORT"); /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -805,6 +806,7 @@ c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && + (!(c->algo_strength & SSL_EXPORT) || support_export) && #ifdef OPENSSL_FIPS (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && #endif
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor