Commit fe4c4ab9 authored by Harin Vadodaria

Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL

Explicitly disable weaker SSL protocols.
parent 3ce85548
/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. /* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, ...@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{ {
DH *dh; DH *dh;
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
DBUG_ENTER("new_VioSSLFd"); DBUG_ENTER("new_VioSSLFd");
DBUG_PRINT("enter", DBUG_PRINT("enter",
("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' "
...@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, ...@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0); DBUG_RETURN(0);
} }
SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
/* /*
Set the ciphers that can be used Set the ciphers that can be used
NOTE: SSL_CTX_set_cipher_list will return 0 if NOTE: SSL_CTX_set_cipher_list will return 0 if
......
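Review bot: The added `ssl_ctx_options` declaration and the `SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);` call have no comment saying which protocol versions remain negotiable. As written only SSLv2 and SSLv3 are excluded, so every TLS version the linked library supports, including TLS 1.0, stays enabled. I would add `/* Disable SSLv2 and SSLv3; TLSv1.0 and later remain enabled. */` above the call so the effective minimum version is explicit and a later tightening has an obvious place to go. The call's return value, which is the resulting option mask, is also discarded; tracing it through the existing `DBUG_PRINT` facility would let a debug build confirm that both bits took effect on this context. The body of new_VioSSLFd starts and ends outside the visible hunks, so whether every context the function creates reaches this call cannot be confirmed from here.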