0376d8368c
- do not include ECC ciphersuites in SSLv2 client hello (#1090952) - fail on hmac integrity check if the .hmac file is empty
22 lines
1.1 KiB
Diff
22 lines
1.1 KiB
Diff
diff -up openssl-1.0.1g/ssl/ssl.h.op-all openssl-1.0.1g/ssl/ssl.h
|
|
--- openssl-1.0.1g/ssl/ssl.h.op-all 2014-05-06 16:03:37.400554125 +0200
|
|
+++ openssl-1.0.1g/ssl/ssl.h 2014-05-06 16:06:21.688352245 +0200
|
|
@@ -549,7 +549,7 @@ struct ssl_session_st
|
|
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
|
/* Allow initial connection to servers that don't support RI */
|
|
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
|
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
|
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
|
|
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
|
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
|
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
|
|
@@ -569,7 +569,7 @@ struct ssl_session_st
|
|
|
|
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
|
* This used to be 0x000FFFFFL before 0.9.7. */
|
|
-#define SSL_OP_ALL 0x80000BFFL
|
|
+#define SSL_OP_ALL 0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
|
|
|
|
/* DTLS options */
|
|
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|