Hi,
the attached patch switches the syncevo-http-server script from using
SSLv3 to TLS. This avoids the potential security risk that arises with
SSLv3 and also fixes connections problems with clients not supporting
SSLv3 anymore. The latter is the case with syncevolution in Debian
Jessie, as it uses gnutls with disabled SSLv3 support.
Regards,
Tino
>From 930d61240e69a607c32e277b3e2ff963aa5181db Mon Sep 17 00:00:00 2001
From: Tino Mettler <tino+deb...@tikei.de>
Date: Thu, 4 Dec 2014 17:11:22 +0100
Subject: [PATCH] Use TLS instead of SSLv3
This fixes a potential security risk and connection problems with clients
that don't support SSLv3 anymore.
Closes: #772040
---
test/syncevo-http-server.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/syncevo-http-server.py b/test/syncevo-http-server.py
index 57210ae..6c14088 100755
--- a/test/syncevo-http-server.py
+++ b/test/syncevo-http-server.py
@@ -40,7 +40,7 @@ timeout=100000
class ChainedOpenSSLContextFactory(ssl.DefaultOpenSSLContextFactory):
def __init__(self, privateKeyFileName, certificateChainFileName,
- sslmethod = SSL.SSLv3_METHOD):
+ sslmethod = SSL.TLSv1_METHOD):
"""
@param privateKeyFileName: Name of a file containing a private key
@param certificateChainFileName: Name of a file containing a certificate chain
--
2.1.3
_______________________________________________
SyncEvolution mailing list
SyncEvolution@syncevolution.org
https://lists.syncevolution.org/mailman/listinfo/syncevolution
