public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: disable SSLv3 by default again
Date: Tue, 09 Jun 2026 12:43:29 GMT [thread overview]
Message-ID: <178100900919.1.3947109464709190033.rpms-openssl-80b5477597e9@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 80b5477597e9f0d9fababd854adfb4988b37efd5
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-11-20T10:25:56+01:00
Stats : +8/-3 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/80b5477597e9f0d9fababd854adfb4988b37efd5?branch=rebase_40beta
Log:
disable SSLv3 by default again
Mail servers and possibly LDAP servers should probably allow
it explicitly by SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3) call
for buggy legacy clients on the smtps, imaps, and ldaps ports.
---
diff --git a/openssl-1.0.1h-disable-sslv2v3.patch b/openssl-1.0.1h-disable-sslv2v3.patch
index 7a028aa..83afda0 100644
--- a/openssl-1.0.1h-disable-sslv2v3.patch
+++ b/openssl-1.0.1h-disable-sslv2v3.patch
@@ -5,8 +5,8 @@ diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-+ /* Disable SSLv2 by default (affects the SSLv23_method() only) */
-+ ret->options |= SSL_OP_NO_SSLv2;
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return(ret);
err:
diff --git a/openssl.spec b/openssl.spec
index e7ee263..191531e 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1j
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -478,6 +478,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Wed Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
+- disable SSLv3 by default again (mail servers and possibly
+ LDAP servers should probably allow it explicitly for legacy
+ clients)
+
* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-2
- update the FIPS RSA keygen to be FIPS 186-4 compliant
reply other threads:[~2026-06-09 12:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100900919.1.3947109464709190033.rpms-openssl-80b5477597e9@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox