openssl/openssl-1.0.0-beta5-cipher-change.patch

22 lines
1.1 KiB
Diff
Raw Normal View History

2010-01-21 08:12:12 +00:00
diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl.h
--- openssl-1.0.0-beta5/ssl/ssl.h.cipher-change 2010-01-20 18:12:07.000000000 +0100
+++ openssl-1.0.0-beta5/ssl/ssl.h 2010-01-20 18:13:04.000000000 +0100
@@ -513,7 +513,7 @@ typedef struct ssl_session_st
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
2010-01-21 08:12:12 +00:00
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
2010-01-21 08:12:12 +00:00
@@ -530,7 +530,7 @@ typedef struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
2009-08-20 14:20:57 +00:00
-#define SSL_OP_ALL 0x80000FFFL
+#define SSL_OP_ALL 0x80000FF7L
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU 0x00001000L