INN commit: trunk (doc/pod/news.pod nnrpd/tls.c)
INN Commit
rra at isc.org
Wed Jul 3 20:08:03 UTC 2013
Date: Wednesday, July 3, 2013 @ 13:08:03
Author: iulius
Revision: 9503
disable the use of SSLv2 owing to its being unsafe
Modified:
trunk/doc/pod/news.pod
trunk/nnrpd/tls.c
------------------+
doc/pod/news.pod | 5 +++++
nnrpd/tls.c | 3 +++
2 files changed, 8 insertions(+)
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2013-07-01 17:39:30 UTC (rev 9502)
+++ doc/pod/news.pod 2013-07-03 20:08:03 UTC (rev 9503)
@@ -115,6 +115,11 @@
Building with Libtool is no longer optional. The B<--enable-libtool>
option to B<configure> has been removed.
+=item *
+
+For security reasons, use of the flawed SSLv2 protocol is now disabled
+for TLS sessions with B<nnrpd>.
+
=back
=head1 Changes in 2.5.4
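Review bot: The new =item says use of SSLv2 "is now disabled" without qualification, but the tls.c change in this same commit only sets SSL_OP_NO_SSLv2 inside `#ifdef SSL_OP_NO_SSLv2`, so a build against headers that lack that macro would not match this text. Either qualify the entry or make the code side unconditional so the statement always holds. The entry could also tell administrators what to expect operationally: a news reader that can negotiate only SSLv2 will fail its handshake with B<nnrpd> after this change.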
Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c 2013-07-01 17:39:30 UTC (rev 9502)
+++ nnrpd/tls.c 2013-07-03 20:08:03 UTC (rev 9503)
@@ -450,6 +450,9 @@
};
off |= SSL_OP_ALL; /* Work around all known bugs. */
+#ifdef SSL_OP_NO_SSLv2
+ off |= SSL_OP_NO_SSLv2; /* Too many holes in SSLv2. */
+#endif
SSL_CTX_set_options(CTX, off);
SSL_CTX_set_info_callback(CTX, apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(CTX, 128);
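Review bot: The `#ifdef SSL_OP_NO_SSLv2` guard around the added `off |= SSL_OP_NO_SSLv2;` line fails open. If the macro is not defined, the block compiles away and `SSL_CTX_set_options(CTX, off);` is called with SSL_OP_ALL only, with no build-time or run-time sign that SSLv2 remains negotiable. Consider adding an `#else` branch that emits a compile-time warning or logs a message when the context is created, so a build that cannot apply the restriction is visible to whoever deploys it. The comment "Too many holes in SSLv2" would also be more useful to a later reader if it named the reason for the guard, since the guard is the part of this hunk that is not self-explanatory.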