public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: disable SSLv2 and SSLv3 protocols by default
Date: Tue, 09 Jun 2026 12:43:22 GMT [thread overview]
Message-ID: <178100900208.1.15655113546600679021.rpms-openssl-646646611547@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 646646611547dd7072b0562ed5f27861fbb12f48
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-06-30T14:21:11+02:00
Stats : +20/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/646646611547dd7072b0562ed5f27861fbb12f48?branch=rebase_40beta
Log:
disable SSLv2 and SSLv3 protocols by default
(can be enabled via appropriate SSL_CTX_clear_options() call)
---
diff --git a/openssl-1.0.1h-disable-sslv2v3.patch b/openssl-1.0.1h-disable-sslv2v3.patch
new file mode 100644
index 0000000..83afda0
--- /dev/null
+++ b/openssl-1.0.1h-disable-sslv2v3.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
+--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200
++++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200
+@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++
+ return(ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
diff --git a/openssl.spec b/openssl.spec
index 61b584d..a4196ad 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1h
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -84,6 +84,7 @@ Patch78: openssl-1.0.1g-3des-strength.patch
Patch90: openssl-1.0.1e-enc-fail.patch
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
Patch92: openssl-1.0.1h-system-cipherlist.patch
+Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1h-session-resumption.patch
@@ -208,6 +209,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch90 -p1 -b .enc-fail
%patch91 -p1 -b .ssl2noec
%patch92 -p1 -b .system
+%patch93 -p1 -b .v2v3
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .resumption
@@ -478,6 +480,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Mon Jun 30 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-5
+- disable SSLv2 and SSLv3 protocols by default (can be enabled
+ via appropriate SSL_CTX_clear_options() call)
+
* Wed Jun 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-4
- use system profile for default cipher list
reply other threads:[~2026-06-09 12:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100900208.1.15655113546600679021.rpms-openssl-646646611547@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox