From: Brendan Le Foll <[email protected]> Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <[email protected]> --- meta/recipes-connectivity/openssl/openssl.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 6eb1b5e..ba9bca6 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +EXTRA_OECONF = " -no-ssl3" + do_configure_prepend_darwin () { sed -i -e '/version-script=openssl\.ld/d' Configure } -- 2.2.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
