author | Dan Pasette <dan@10gen.com> | 2014-10-27 22:45:56 -0400 |
---|---|---|
committer | Dan Pasette <dan@mongodb.com> | 2014-10-27 22:45:56 -0400 |
commit | 8b9242837510e6410ddcf4f19969da4c7b01b2f7 (patch) | |
tree | 7a273a299ecbb4d6660e6ebe1f9dbd02f1fc306a | |
parent | 6c0fccd4601b65c7c808608a60cbfb182f0b7215 (diff) | |
download | mongo-8b9242837510e6410ddcf4f19969da4c7b01b2f7.tar.gz |
SERVER-15673 Disable SSLv3 ciphers (CVE-2014-3566 "POODLE")
(cherry picked from commit 035b5a90f56d653e930fcbe20c89f4dda7e48a30)
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index dd8b3a2fe6f..0efdd7ced60 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -140,7 +140,9 @@ namespace mongo {
 _context);
 // Activate all bug workaround options, to support buggy client SSL's.
- SSL_CTX_set_options(_context, SSL_OP_ALL);
+ // SSL_OP_NO_SSLv2 - Disable SSL v2 support
+ // SSL_OP_NO_SSLv3 - Disable SSL v3 support
+ SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 // If renegotiation is needed, don't return from recv() or send() until it's successful.
 // Note: this is for blocking sockets only. |
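Review bot: The added call passes `*context`, while the removed line and the context line just above it (`_context);`) both operate on `_context`. The enclosing function starts and ends outside the hunk, so I cannot see whether a `context` pointer is in scope on this branch. If it is not, the cherry-pick will not compile; if it is and names a different `SSL_CTX`, the object configured above would keep SSLv2/SSLv3 enabled. Assuming `_context` is the intended target, the line should read `SSL_CTX_set_options(_context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);`. The retained comment "Activate all bug workaround options" now describes only part of the call, so a lead-in such as `// Also refuse SSLv2/SSLv3 handshakes (CVE-2014-3566).` above the two new comment lines would make the intent clear.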