Hi, the attached patch switches the syncevo-http-server script from using SSLv3 to TLS. This avoids the potential security risk that arises with SSLv3 and also fixes connections problems with clients not supporting SSLv3 anymore. The latter is the case with syncevolution in Debian Jessie, as it uses gnutls with disabled SSLv3 support.
Regards, Tino
>From 930d61240e69a607c32e277b3e2ff963aa5181db Mon Sep 17 00:00:00 2001 From: Tino Mettler <tino+deb...@tikei.de> Date: Thu, 4 Dec 2014 17:11:22 +0100 Subject: [PATCH] Use TLS instead of SSLv3 This fixes a potential security risk and connection problems with clients that don't support SSLv3 anymore. Closes: #772040 --- test/syncevo-http-server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/syncevo-http-server.py b/test/syncevo-http-server.py index 57210ae..6c14088 100755 --- a/test/syncevo-http-server.py +++ b/test/syncevo-http-server.py @@ -40,7 +40,7 @@ timeout=100000 class ChainedOpenSSLContextFactory(ssl.DefaultOpenSSLContextFactory): def __init__(self, privateKeyFileName, certificateChainFileName, - sslmethod = SSL.SSLv3_METHOD): + sslmethod = SSL.TLSv1_METHOD): """ @param privateKeyFileName: Name of a file containing a private key @param certificateChainFileName: Name of a file containing a certificate chain -- 2.1.3
_______________________________________________ SyncEvolution mailing list SyncEvolution@syncevolution.org https://lists.syncevolution.org/mailman/listinfo/syncevolution