public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: disable SSLv2 and SSLv3 protocols by default
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 646646611547dd7072b0562ed5f27861fbb12f48
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-06-30T14:21:11+02:00
Stats : +20/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/646646611547dd7072b0562ed5f27861fbb12f48?branch=rebase_40beta
Log:
disable SSLv2 and SSLv3 protocols by default
(can be enabled via appropriate SSL_CTX_clear_options() call)
---
diff --git a/openssl-1.0.1h-disable-sslv2v3.patch b/openssl-1.0.1h-disable-sslv2v3.patch
new file mode 100644
index 0000000..83afda0
--- /dev/null
+++ b/openssl-1.0.1h-disable-sslv2v3.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
+--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200
++++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200
+@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++
+ return(ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
diff --git a/openssl.spec b/openssl.spec
index 61b584d..a4196ad 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1h
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -84,6 +84,7 @@ Patch78: openssl-1.0.1g-3des-strength.patch
Patch90: openssl-1.0.1e-enc-fail.patch
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
Patch92: openssl-1.0.1h-system-cipherlist.patch
+Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1h-session-resumption.patch
@@ -208,6 +209,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch90 -p1 -b .enc-fail
%patch91 -p1 -b .ssl2noec
%patch92 -p1 -b .system
+%patch93 -p1 -b .v2v3
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .resumption
@@ -478,6 +480,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Mon Jun 30 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-5
+- disable SSLv2 and SSLv3 protocols by default (can be enabled
+ via appropriate SSL_CTX_clear_options() call)
+
* Wed Jun 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-4
- use system profile for default cipher list
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: disable SSLv2 and SSLv3 protocols by default Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox