38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
diff --git a/rhn/SSL.py b/rhn/SSL.py
|
|
index f8a85bc..9b3c83b 100644
|
|
--- a/rhn/SSL.py
|
|
+++ b/rhn/SSL.py
|
|
@@ -89,6 +89,8 @@ class SSLSocket:
|
|
self._check_closed()
|
|
# Get a context
|
|
self._ctx = SSL.Context(self._ssl_method)
|
|
+ self._ctx.set_options(SSL.OP_NO_SSLv2)
|
|
+ self._ctx.set_options(SSL.OP_NO_SSLv3)
|
|
if self._trusted_certs:
|
|
# We have been supplied with trusted CA certs
|
|
for f in self._trusted_certs:
|
|
diff --git a/rhnlib.spec b/rhnlib.spec
|
|
index 1581072..1d197e9 100644
|
|
--- a/rhnlib.spec
|
|
+++ b/rhnlib.spec
|
|
@@ -7,7 +7,7 @@
|
|
Summary: Python libraries for the Spacewalk project
|
|
Name: rhnlib
|
|
Version: 2.8.6
|
|
-Release: 4%{?dist}
|
|
+Release: 5%{?dist}
|
|
URL: https://github.com/spacewalkproject/spacewalk
|
|
Source0: https://github.com/spacewalkproject/spacewalk/archive/%{name}-%{version}.tar.gz
|
|
|
|
@@ -74,6 +74,10 @@ make -f Makefile.rhnlib
|
|
%endif
|
|
|
|
%changelog
|
|
+* Fri Nov 02 2018 Tomas Kasparek <tkasparek@redhat.com> 2.8.6-5
|
|
+- Resolves: #1643415 - forbid old SSL versions during negotiation
|
|
+ (tkasparek@redhat.com)
|
|
+
|
|
* Tue Apr 17 2018 Tomas Kasparek <tkasparek@redhat.com> 2.8.6-4
|
|
- don't package python2 files for rhnlib (tkasparek@redhat.com)
|
|
- be compliant with new packaging guidelines when requiring python2 packages
|