What about SSLv3 due to POODLE ? On Fri, Mar 20, 2015 at 7:48 PM, Jung-uk Kim <j...@freebsd.org> wrote:
> Author: jkim > Date: Fri Mar 20 23:48:11 2015 > New Revision: 280306 > URL: https://svnweb.freebsd.org/changeset/base/280306 > > Log: > Disable insecure SSLv2 support from the base OpenSSL. > > Differential Revision: https://reviews.freebsd.org/D1304 > > Modified: > head/secure/lib/libcrypto/opensslconf-arm.h > head/secure/lib/libcrypto/opensslconf-mips.h > head/secure/lib/libcrypto/opensslconf-powerpc.h > head/secure/lib/libcrypto/opensslconf-sparc64.h > head/secure/lib/libcrypto/opensslconf-x86.h > head/secure/lib/libssl/Makefile > head/sys/sys/param.h > > Modified: head/secure/lib/libcrypto/opensslconf-arm.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 23:48:11 2015 > (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-mips.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-powerpc.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-sparc64.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-x86.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 23:48:11 2015 > (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -66,6 +69,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libssl/Makefile > > ============================================================================== > --- head/secure/lib/libssl/Makefile Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libssl/Makefile Fri Mar 20 23:48:11 2015 > (r280306) > @@ -12,11 +12,11 @@ NO_LINT= > > SRCS= bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c > \ > d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \ > - s23_srvr.c s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c > s2_srvr.c \ > - s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ > - s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \ > - ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \ > - t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c > tls_srp.c > + s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c > s3_meth.c \ > + s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ > + ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ > + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c > t1_srvr.c \ > + tls_srp.c > > INCS= dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h > INCSDIR=${INCLUDEDIR}/openssl > > Modified: head/sys/sys/param.h > > ============================================================================== > --- head/sys/sys/param.h Fri Mar 20 21:56:48 2015 (r280305) > +++ head/sys/sys/param.h Fri Mar 20 23:48:11 2015 (r280306) > @@ -58,7 +58,7 @@ > * in the range 5 to 9. > */ > #undef __FreeBSD_version > -#define __FreeBSD_version 1100065 /* Master, propagated to newvers */ > +#define __FreeBSD_version 1100066 /* Master, propagated to newvers */ > > /* > * __FreeBSD_kernel__ indicates that this system uses the kernel of > FreeBSD, > _______________________________________________ > svn-src-...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org" > -- --------------------------------------------------------------------------------- Curb: Your ride is here 4096R/D1EAB94D 2081 E230 3001 6508 8847 1BBF A0A8 DB0F D1EA B94D Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354 Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. Director IT Operations, Curb What doesn't kill us can only make us stronger; Except it almost kills you. _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"