inn-committers Digest, Vol 53, Issue 3

Thu, 04 Jul 2013 05:00:51 -0700 

Send inn-committers mailing list submissions to
        inn-committers@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/inn-committers
or, via email, send a message with subject or body 'help' to
        inn-committers-requ...@lists.isc.org

You can reach the person managing the list at
        inn-committers-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-committers digest..."


Today's Topics:

   1. INN commit: trunk (doc/pod/news.pod nnrpd/tls.c) (INN Commit)


----------------------------------------------------------------------

Message: 1
Date: Wed,  3 Jul 2013 13:08:03 -0700 (PDT)
From: INN Commit <r...@isc.org>
To: inn-committ...@isc.org
Subject: INN commit: trunk (doc/pod/news.pod nnrpd/tls.c)
Message-ID: <20130703200803.bd23567...@hope.eyrie.org>

    Date: Wednesday, July 3, 2013 @ 13:08:03
  Author: iulius
Revision: 9503

disable the use of SSLv2 owing to its being unsafe

Modified:
  trunk/doc/pod/news.pod
  trunk/nnrpd/tls.c

------------------+
 doc/pod/news.pod |    5 +++++
 nnrpd/tls.c      |    3 +++
 2 files changed, 8 insertions(+)

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod    2013-07-01 17:39:30 UTC (rev 9502)
+++ doc/pod/news.pod    2013-07-03 20:08:03 UTC (rev 9503)
@@ -115,6 +115,11 @@
 Building with Libtool is no longer optional.  The B<--enable-libtool>
 option to B<configure> has been removed.
 
+=item *
+
+For security reasons, use of the flawed SSLv2 protocol is now disabled
+for TLS sessions with B<nnrpd>.
+
 =back
 
 =head1 Changes in 2.5.4

Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c 2013-07-01 17:39:30 UTC (rev 9502)
+++ nnrpd/tls.c 2013-07-03 20:08:03 UTC (rev 9503)
@@ -450,6 +450,9 @@
     };
 
     off |= SSL_OP_ALL;         /* Work around all known bugs. */
+#ifdef SSL_OP_NO_SSLv2
+    off |= SSL_OP_NO_SSLv2;     /* Too many holes in SSLv2. */
+#endif
     SSL_CTX_set_options(CTX, off);
     SSL_CTX_set_info_callback(CTX, apps_ssl_info_callback);
     SSL_CTX_sess_set_cache_size(CTX, 128);



------------------------------

_______________________________________________
inn-committers mailing list
inn-committers@lists.isc.org
https://lists.isc.org/mailman/listinfo/inn-committers

End of inn-committers Digest, Vol 53, Issue 3
*********************************************

Reply via email to