Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL

Explicitly disable weaker SSL protocols.
Harin Vadodaria 2015-01-02 10:18:04 +05:30
parent 3ce85548bd
commit fe4c4ab914


@ -1,4 +1,4 @@
/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. /* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{ {
DH *dh; DH *dh;
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
DBUG_ENTER("new_VioSSLFd"); DBUG_ENTER("new_VioSSLFd");
DBUG_PRINT("enter", DBUG_PRINT("enter",
("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' "
@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0); DBUG_RETURN(0);
} }
SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
/* /*
Set the ciphers that can be used Set the ciphers that can be used
NOTE: SSL_CTX_set_cipher_list will return 0 if NOTE: SSL_CTX_set_cipher_list will return 0 if
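Review bot: The added `SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);` call in the third hunk has no comment and discards its return value, so the code neither records why SSLv2 and SSLv3 are masked nor confirms that the bits were applied to the context. I would put `/* Bug#19820550: refuse SSLv2 and SSLv3 on every connection created from this context */` above the call, and declare the mask as `const long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;` since it is never modified. The call returns the resulting option bitmask, so passing that value to a `DBUG_PRINT` would make the effective setting visible in debug traces. No test on this page shows an SSL 3.0 handshake being rejected; one would guard against the option being dropped in a later change. new_VioSSLFd begins and ends outside the visible hunks, so how the context's protocol method is chosen cannot be checked from here.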