aboutsummaryrefslogtreecommitdiff
path: root/lib/cyassl.h
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2012-01-19 10:38:14 +0100
committerDaniel Stenberg <daniel@haxx.se>2012-01-24 08:54:26 +0100
commitdb1a856b4f7cf6ae334fb0656b26a18eea317000 (patch)
treeecff5e8c7f28921c8bdf6443f26d176cbac82ccc /lib/cyassl.h
parentee57e9dea63c3706c3679ff77426680bc1a327bf (diff)
OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around despite the fact that SSL_OP_ALL is documented to do "rather harmless" workarounds. The libcurl code uses the SSL_OP_ALL define and thus logically always disables the OpenSSL fix. In order to keep the secure work-around workding, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change makes sure of this. Reported by: product-security at Apple
Diffstat (limited to 'lib/cyassl.h')
0 files changed, 0 insertions, 0 deletions