mirror of
https://git.freebsd.org/ports.git
synced 2025-07-05 03:19:18 -04:00
6a6206f048
Changes: https://lynx.invisible-island.net/lynx2.8.9/breakout/CHANGES PR: 230568 Submitted by: Dmitri Goutnik <dg@syrec.org> Approved by: jharris@widomaker.com (maintainer)
16 lines
660 B
Text
16 lines
660 B
Text
--- WWW/Library/Implementation/HTTP.c.orig 2018-08-12 12:33:30 UTC
|
|
+++ WWW/Library/Implementation/HTTP.c
|
|
@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void)
|
|
#else
|
|
SSLeay_add_ssl_algorithms();
|
|
if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) {
|
|
-#ifdef SSL_OP_NO_SSLv2
|
|
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
|
|
-#else
|
|
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
|
|
-#endif
|
|
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
|
|
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
|
#ifdef SSL_OP_NO_COMPRESSION
|
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
|
|
#endif
|