[CalendarServer-changes] [14035] twext/trunk/twext/internet/ssl.py
source_changes at macosforge.org
source_changes at macosforge.org
Fri Oct 3 03:24:25 PDT 2014
Revision: 14035
http://trac.calendarserver.org//changeset/14035
Author: cdaboo at apple.com
Date: 2014-10-03 03:24:24 -0700 (Fri, 03 Oct 2014)
Log Message:
-----------
Disable SSLv3 due to yet another SSL vulnerability.
Modified Paths:
--------------
twext/trunk/twext/internet/ssl.py
Modified: twext/trunk/twext/internet/ssl.py
===================================================================
--- twext/trunk/twext/internet/ssl.py 2014-10-01 10:34:05 UTC (rev 14034)
+++ twext/trunk/twext/internet/ssl.py 2014-10-03 10:24:24 UTC (rev 14035)
@@ -23,7 +23,7 @@
]
from OpenSSL.SSL import Context as SSLContext, SSLv23_METHOD, OP_NO_SSLv2, \
- OP_CIPHER_SERVER_PREFERENCE
+ OP_CIPHER_SERVER_PREFERENCE, OP_NO_SSLv3
from twisted.internet.ssl import DefaultOpenSSLContextFactory
@@ -50,8 +50,9 @@
# Unfortunate code duplication.
ctx = SSLContext(self.sslmethod)
- # Always disable SSLv2
+ # Always disable SSLv2/SSLv3
ctx.set_options(OP_NO_SSLv2)
+ ctx.set_options(OP_NO_SSLv3)
if self.ciphers is not None:
ctx.set_cipher_list(self.ciphers)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20141003/fb1e0491/attachment.html>
More information about the calendarserver-changes
mailing list