Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL

Explicitly disable weaker SSL protocols.
author: Harin Vadodaria <harin.vadodaria@oracle.com> 2015-01-02 10:18:04 +0530
committer: Harin Vadodaria <harin.vadodaria@oracle.com> 2015-01-02 10:18:04 +0530
commit: fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d (patch)
tree: 1e9917c127ba8c354cf7bfa621aa4490301fa7f0 /vio
parent: 3ce85548bd10992f6a64d5eff3dcf0cc3d4ad6af (diff)
download: mariadb-git-fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index cd6a6d68cb4..7e475683f9a 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
   DH *dh;
   struct st_VioSSLFd *ssl_fd;
+  long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
   DBUG_ENTER("new_VioSSLFd");
   DBUG_PRINT("enter",
              ("key_file: '%s'  cert_file: '%s'  ca_file: '%s'  ca_path: '%s'  "
@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     DBUG_RETURN(0);
   }
 
+  SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
+
   /*
     Set the ciphers that can be used
     NOTE: SSL_CTX_set_cipher_list will return 0 if
author	Harin Vadodaria <harin.vadodaria@oracle.com>	2015-01-02 10:18:04 +0530
committer	Harin Vadodaria <harin.vadodaria@oracle.com>	2015-01-02 10:18:04 +0530
commit	fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d (patch)
tree	1e9917c127ba8c354cf7bfa621aa4490301fa7f0 /vio
parent	3ce85548bd10992f6a64d5eff3dcf0cc3d4ad6af (diff)
download	mariadb-git-fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d.tar.gz