Skip to content

Commit fe4c4ab

Browse files
harinvadodariaharinvadodaria
committed
Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL
Explicitly disable weaker SSL protocols.
1 parent 3ce8554 commit fe4c4ab

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

vio/viosslfactories.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
1+
/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
22
33
This program is free software; you can redistribute it and/or modify
44
it under the terms of the GNU General Public License as published by
@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
173173
{
174174
DH *dh;
175175
struct st_VioSSLFd *ssl_fd;
176+
long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
176177
DBUG_ENTER("new_VioSSLFd");
177178
DBUG_PRINT("enter",
178179
("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' "
@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
200201
DBUG_RETURN(0);
201202
}
202203

204+
SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
205+
203206
/*
204207
Set the ciphers that can be used
205208
NOTE: SSL_CTX_set_cipher_list will return 0 if

0 commit comments

Comments
 (0)