SERVER-15673 Disable SSLv3 ciphers (CVE-2014-3566 "POODLE")

(cherry picked from commit bdee10aed8691579d17300a1235edce8742ef6dd)
author: Andreas Nilsson <andreas.nilsson@10gen.com> 2014-10-15 15:25:07 -0400
committer: Dan Pasette <dan@mongodb.com> 2014-10-27 22:40:29 -0400
commit: 035b5a90f56d653e930fcbe20c89f4dda7e48a30 (patch)
tree: a99624c431eb3e92fc350f33bfbb2fe8f5533532 /src/mongo/util
parent: 8ffd49eda26de47acb766b4094f7aba4ddb7a25d (diff)
download: mongo-035b5a90f56d653e930fcbe20c89f4dda7e48a30.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index a40b1c3132d..6f036451b3f 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -532,8 +532,9 @@ namespace mongo {
                 context);
 
         // SSL_OP_ALL - Activate all bug workaround options, to support buggy client SSL's.
-        // SSL_OP_NO_SSLv2 - Disable SSL v2 support 
-        SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2);
+        // SSL_OP_NO_SSLv2 - Disable SSL v2 support
+        // SSL_OP_NO_SSLv3 - Disable SSL v3 support
+        SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 
         // HIGH - Enable strong ciphers
         // !EXPORT - Disable export ciphers (40/56 bit)
author	Andreas Nilsson <andreas.nilsson@10gen.com>	2014-10-15 15:25:07 -0400
committer	Dan Pasette <dan@mongodb.com>	2014-10-27 22:40:29 -0400
commit	035b5a90f56d653e930fcbe20c89f4dda7e48a30 (patch)
tree	a99624c431eb3e92fc350f33bfbb2fe8f5533532 /src/mongo/util
parent	8ffd49eda26de47acb766b4094f7aba4ddb7a25d (diff)
download	mongo-035b5a90f56d653e930fcbe20c89f4dda7e48a30.tar.gz