Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
libopenssl0_9_8
openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package libopenssl0_9_8
Index: openssl-0.9.8zh/ssl/ssl_lib.c =================================================================== --- openssl-0.9.8zh.orig/ssl/ssl_lib.c 2016-03-01 14:45:01.841401757 +0100 +++ openssl-0.9.8zh/ssl/ssl_lib.c 2016-03-01 14:45:02.711416004 +0100 @@ -1610,6 +1610,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) #endif + /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */ + if (!getenv("OPENSSL_ALLOW_SSL2")) + ret->options |= SSL_OP_NO_SSLv2; + #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO Index: openssl-0.9.8zh/ssl/ssl_ciph.c =================================================================== --- openssl-0.9.8zh.orig/ssl/ssl_ciph.c 2016-03-01 14:45:02.711416004 +0100 +++ openssl-0.9.8zh/ssl/ssl_ciph.c 2016-03-01 14:47:33.139891339 +0100 @@ -517,6 +517,7 @@ static void ssl_cipher_collect_ciphers(c { int i, co_list_num; SSL_CIPHER *c; + int support_export = !!getenv("OPENSSL_ALLOW_EXPORT"); /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -531,12 +532,11 @@ static void ssl_cipher_collect_ciphers(c c = ssl_method->get_cipher(i); #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) /* drop those that use any of that is not available */ + if ((c != NULL) && c->valid && !IS_MASKED(c) && #ifdef OPENSSL_FIPS - if ((c != NULL) && c->valid && !IS_MASKED(c) - && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) -#else - if ((c != NULL) && c->valid && !IS_MASKED(c)) + (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && #endif + (!(c->algo_strength & SSL_EXPORT) || support_export)) { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor