[CalendarServer-changes] [14035] twext/trunk/twext/internet/ssl.py

[source_changes at macosforge.org]

Revision: 14035
          http://trac.calendarserver.org//changeset/14035
Author:   cdaboo at apple.com
Date:     2014-10-03 03:24:24 -0700 (Fri, 03 Oct 2014)
Log Message:
-----------
Disable SSLv3 due to yet another SSL vulnerability.

Modified Paths:
--------------
    twext/trunk/twext/internet/ssl.py

Modified: twext/trunk/twext/internet/ssl.py
===================================================================
--- twext/trunk/twext/internet/ssl.py	2014-10-01 10:34:05 UTC (rev 14034)
+++ twext/trunk/twext/internet/ssl.py	2014-10-03 10:24:24 UTC (rev 14035)
@@ -23,7 +23,7 @@
 ]
 
 from OpenSSL.SSL import Context as SSLContext, SSLv23_METHOD, OP_NO_SSLv2, \
-    OP_CIPHER_SERVER_PREFERENCE
+    OP_CIPHER_SERVER_PREFERENCE, OP_NO_SSLv3
 
 from twisted.internet.ssl import DefaultOpenSSLContextFactory
 
@@ -50,8 +50,9 @@
         # Unfortunate code duplication.
         ctx = SSLContext(self.sslmethod)
 
-        # Always disable SSLv2
+        # Always disable SSLv2/SSLv3
         ctx.set_options(OP_NO_SSLv2)
+        ctx.set_options(OP_NO_SSLv3)
 
         if self.ciphers is not None:
             ctx.set_cipher_list(self.ciphers)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20141003/fb1e0491/attachment.html>