diff options
author | Daniel Stenberg <daniel@haxx.se> | 2012-01-19 10:38:14 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2012-01-24 08:54:26 +0100 |
commit | db1a856b4f7cf6ae334fb0656b26a18eea317000 (patch) | |
tree | ecff5e8c7f28921c8bdf6443f26d176cbac82ccc /lib/cyassl.h | |
parent | ee57e9dea63c3706c3679ff77426680bc1a327bf (diff) |
OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.
The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.
In order to keep the secure work-around workding, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.
Reported by: product-security at Apple
Diffstat (limited to 'lib/cyassl.h')
0 files changed, 0 insertions, 0 deletions