INN commit: trunk (doc/pod/news.pod nnrpd/tls.c)

INN Commit rra at isc.org
Wed Jul 3 20:08:03 UTC 2013


    Date: Wednesday, July 3, 2013 @ 13:08:03
  Author: iulius
Revision: 9503

disable the use of SSLv2 owing to its being unsafe

Modified:
  trunk/doc/pod/news.pod
  trunk/nnrpd/tls.c

------------------+
 doc/pod/news.pod |    5 +++++
 nnrpd/tls.c      |    3 +++
 2 files changed, 8 insertions(+)

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2013-07-01 17:39:30 UTC (rev 9502)
+++ doc/pod/news.pod	2013-07-03 20:08:03 UTC (rev 9503)
@@ -115,6 +115,11 @@
 Building with Libtool is no longer optional.  The B<--enable-libtool>
 option to B<configure> has been removed.
 
+=item *
+
+For security reasons, use of the flawed SSLv2 protocol is now disabled
+for TLS sessions with B<nnrpd>.
+
 =back
 
 =head1 Changes in 2.5.4
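Review bot: The new =item states without qualification that SSLv2 "is now disabled", but the nnrpd/tls.c change in this same commit sets the option only inside `#ifdef SSL_OP_NO_SSLv2`, so on a build where that macro is absent the statement would not hold. Either note that the behaviour depends on the OpenSSL headers INN is built against, or make the code side unconditional so the entry stays accurate. The wording "SSLv2 protocol ... for TLS sessions" is also slightly loose; something like "B<nnrpd> no longer negotiates SSLv2" would be more precise.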

Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c	2013-07-01 17:39:30 UTC (rev 9502)
+++ nnrpd/tls.c	2013-07-03 20:08:03 UTC (rev 9503)
@@ -450,6 +450,9 @@
     };
 
     off |= SSL_OP_ALL;		/* Work around all known bugs. */
+#ifdef SSL_OP_NO_SSLv2
+    off |= SSL_OP_NO_SSLv2;     /* Too many holes in SSLv2. */
+#endif
     SSL_CTX_set_options(CTX, off);
     SSL_CTX_set_info_callback(CTX, apps_ssl_info_callback);
     SSL_CTX_sess_set_cache_size(CTX, 128);
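Review bot: The `#ifdef SSL_OP_NO_SSLv2` guard around the added line makes the hardening silently optional: if the macro is not defined, the build succeeds and SSLv2 stays enabled with no indication to the administrator. Consider an `#else` branch that fails the build with `#error` or at least logs a warning at startup, and consider checking that the bitmask returned by `SSL_CTX_set_options(CTX, off)` actually contains the flag. Minor style point: the comment on the added line is aligned with spaces, while the `SSL_OP_ALL` line directly above uses tabs.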


