Revert "disable SSLv3 by default again" on released branch.

This reverts commit 80b5477597. Conflicts: openssl.spec
2015-01-09 11:34:43 +01:00 · 2015-01-09 11:34:43 +01:00 · 4fcc430a48
parent 7e7e3f299f
commit 4fcc430a48
2 changed files with 2 additions and 7 deletions
--- a/openssl-1.0.1h-disable-sslv2v3.patch
+++ b/openssl-1.0.1h-disable-sslv2v3.patch
@ -5,8 +5,8 @@ diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
 	 */
 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
 
-+	/* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+	ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+	/* Disable SSLv2 by default (affects the SSLv23_method() only) */
+	ret->options |= SSL_OP_NO_SSLv2;
 +
 	return(ret);
 err:
--- a/openssl.spec
+++ b/openssl.spec
@ -481,11 +481,6 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 * Fri Jan  9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
 - new upstream release fixing multiple security issues

-* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
- disable SSLv3 by default again (mail servers and possibly
-  LDAP servers should probably allow it explicitly for legacy
-  clients)
-
 * Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-2
 - update the FIPS RSA keygen to be FIPS 186-4 compliant