author | Simon MacMullen <simon@rabbitmq.com> | 2014-10-21 11:07:03 +0100 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2014-10-21 11:07:03 +0100 |
commit | 6b46ebf88174dcc84bae589092aa2eed5740cea8 (patch) | |
tree | cb13d513a1dd739ebee40e3fb78610300e286cb9 | |
parent | b923fe09133960fa2b3223d5d457bcaf7f07c082 (diff) | |
download | rabbitmq-server-6b46ebf88174dcc84bae589092aa2eed5740cea8.tar.gz |
Allow people to re-enable SSLv3 even on newer Erlangs with ssl_allow_poodle_attack; people might be stuck with SSLv3-only clients and view this as the lesser of two evils.
-rw-r--r-- | src/rabbit_networking.erl | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/rabbit_networking.erl b/src/rabbit_networking.erl
index e65fa1d0..d59b22f6 100644
--- a/src/rabbit_networking.erl
+++ b/src/rabbit_networking.erl
@@ -165,7 +165,7 @@ poodle_check(Context) ->
 true -> ok;
 false -> case application:get_env(rabbit, ssl_allow_poodle_attack) of
 {ok, true} -> ok;
- {ok, false} -> log_poodle_fail(Context),
+ _ -> log_poodle_fail(Context),
 danger
 end
 end.
@@ -207,11 +207,16 @@ fix_verify_fun(SslOptsConfig) ->
 end.
 fix_ssl_protocol_versions(Config) ->
- Configured = case pget(versions, Config) of
- undefined -> pget(available, ssl:versions(), []);
- Vs -> Vs
- end,
- pset(versions, Configured -- ?BAD_SSL_PROTOCOL_VERSIONS, Config).
+ case application:get_env(rabbit, ssl_allow_poodle_attack) of
+ {ok, true} ->
+ Config;
+ _ ->
+ Configured = case pget(versions, Config) of
+ undefined -> pget(available, ssl:versions(), []);
+ Vs -> Vs
+ end,
+ pset(versions, Configured -- ?BAD_SSL_PROTOCOL_VERSIONS, Config)
+ end.
 ssl_timeout() ->
 {ok, Val} = application:get_env(rabbit, ssl_handshake_timeout), |
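Review bot: The lookup of `ssl_allow_poodle_attack` is now written out twice with the same `{ok, true}` / `_` split, here in poodle_check and again in fix_ssl_protocol_versions in the second hunk, so the two security decisions can drift apart if one is edited later. A single helper such as `poodle_attack_allowed() -> application:get_env(rabbit, ssl_allow_poodle_attack) =:= {ok, true}.` called from both places would keep them in step. The new `_` clause also deserves a comment saying that the wildcard is deliberate, for example `%% unset or any value other than true is treated as "not allowed"`, so nobody narrows it back to `{ok, false}`. poodle_check starts above this hunk, so only its tail is visible here.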
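Review bot: The `{ok, true}` branch of fix_ssl_protocol_versions returns Config untouched and logs nothing, so a broker running with the POODLE protection switched off looks the same in its logs as a hardened one. A warning in that branch would leave an audit trail, for example `rabbit_log:warning("ssl_allow_poodle_attack is set; insecure SSL protocol versions are not being filtered~n", [])`, assuming rabbit_log is the logger this module already uses. The branch also skips the whole of `?BAD_SSL_PROTOCOL_VERSIONS`, not only SSLv3. The macro's contents are not visible here, but if it ever lists more than `sslv3`, this flag re-enables those versions too. The function should carry a comment stating that the flag is broker-wide and applies to every SSL listener's options passed through here.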