Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL

Explicitly disable weaker SSL protocols.

Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL
Explicitly disable weaker SSL protocols.
fe4c4ab9 · Harin Vadodaria · 3ce85548 · fe4c4ab9
Commit fe4c4ab9 authored Jan 02, 2015 by Harin Vadodaria
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

vio/viosslfactories.c vio/viosslfactories.c +4 -1

No files found.
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
  DH *dh;
  struct st_VioSSLFd *ssl_fd;
+  long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
  DBUG_ENTER("new_VioSSLFd");
  DBUG_PRINT("enter",
             ("key_file: '%s'  cert_file: '%s'  ca_file: '%s'  ca_path: '%s'  "
@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    DBUG_RETURN(0);
  }

+  SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
+
  /*
    Set the ciphers that can be used
    NOTE: SSL_CTX_set_cipher_list will return 0 if