diff options
Diffstat (limited to 'testing/erlang/otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch')
| -rw-r--r-- | testing/erlang/otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/testing/erlang/otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch b/testing/erlang/otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch deleted file mode 100644 index fa55663342..0000000000 --- a/testing/erlang/otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch +++ /dev/null @@ -1,100 +0,0 @@ -From: Sergei Golovan <sgolovan@debian.org> -Date: Sun, 30 Nov 2014 20:20:41 +0300 -Subject: [PATCH] Patch removes support for SSLv3 protocol because it is proved - to be insecure and nobody should use it anymore. - - -diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml -index b53344e..b245621 100644 ---- a/lib/ssl/doc/src/ssl.xml -+++ b/lib/ssl/doc/src/ssl.xml -@@ -123,7 +123,7 @@ - - <p><c>sslsocket() - opaque to the user. </c></p> - -- <p><c>protocol() = sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2' </c></p> -+ <p><c>protocol() = tlsv1 | 'tlsv1.1' | 'tlsv1.2' </c></p> - - <p><c>ciphers() = [ciphersuite()] | string() (according to old API)</c></p> - -diff --git a/lib/ssl/doc/src/ssl_app.xml b/lib/ssl/doc/src/ssl_app.xml -index 43cb393..ff12e04 100644 ---- a/lib/ssl/doc/src/ssl_app.xml -+++ b/lib/ssl/doc/src/ssl_app.xml -@@ -47,10 +47,10 @@ - </p> - <p>Note that the environment parameters can be set on the command line, - for instance,</p> -- <p><c>erl ... -ssl protocol_version '[sslv3, tlsv1]' ...</c>. -+ <p><c>erl ... -ssl protocol_version '[tlsv1.1, tlsv1]' ...</c>. - </p> - <taglist> -- <tag><c><![CDATA[protocol_version = [sslv3|tlsv1] <optional>]]></c>.</tag> -+ <tag><c><![CDATA[protocol_version = [tlsv1|tlsv1.1|tlsv1.2] <optional>]]></c>.</tag> - <item> - <p>Protocol that will be supported by started clients and - servers. If this option is not set it will default to all -@@ -58,6 +58,9 @@ - Note that this option may be overridden by the version option - to ssl:connect/[2,3] and ssl:listen/2. - </p> -+ <p>For Debian GNU/Linux distribution the sslv3 protocol was -+ disabled due to its security issues. -+ </p> - </item> - - <tag><c><![CDATA[session_lifetime = integer() <optional>]]></c></tag> -diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl -index 75efb64..155fa81 100644 ---- a/lib/ssl/src/ssl_internal.hrl -+++ b/lib/ssl/src/ssl_internal.hrl -@@ -67,8 +67,8 @@ - -define(TRUE, 0). - -define(FALSE, 1). - ---define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1, sslv3]). ---define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]). -+-define(ALL_SUPPORTED_VERSIONS, ['tlsv1.2', 'tlsv1.1', tlsv1]). -+-define(MIN_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1]). - -define(ALL_DATAGRAM_SUPPORTED_VERSIONS, ['dtlsv1.2', dtlsv1]). - -define(MIN_DATAGRAM_SUPPORTED_VERSIONS, ['dtlsv1.2', dtlsv1]). - -diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl -index 6aab35d..1511abd 100644 ---- a/lib/ssl/src/ssl_record.hrl -+++ b/lib/ssl/src/ssl_record.hrl -@@ -144,6 +144,7 @@ - %% }). - - -define(LOWEST_MAJOR_SUPPORTED_VERSION, 3). -+-define(LOWEST_MINOR_SUPPORTED_VERSION, 1). - - - -record(generic_stream_cipher, { -diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl -index f50ea22..aa4fc8d 100644 ---- a/lib/ssl/src/tls_record.erl -+++ b/lib/ssl/src/tls_record.erl -@@ -276,14 +276,20 @@ supported_protocol_versions([_|_] = Vsns) -> - %%-------------------------------------------------------------------- - -spec is_acceptable_version(tls_version()) -> boolean(). - is_acceptable_version({N,_}) -- when N >= ?LOWEST_MAJOR_SUPPORTED_VERSION -> -+ when N > ?LOWEST_MAJOR_SUPPORTED_VERSION -> -+ true; -+is_acceptable_version({N,M}) -+ when N == ?LOWEST_MAJOR_SUPPORTED_VERSION andalso M >= ?LOWEST_MINOR_SUPPORTED_VERSION -> - true; - is_acceptable_version(_) -> - false. - - -spec is_acceptable_version(tls_version(), Supported :: [tls_version()]) -> boolean(). - is_acceptable_version({N,_} = Version, Versions) -- when N >= ?LOWEST_MAJOR_SUPPORTED_VERSION -> -+ when N > ?LOWEST_MAJOR_SUPPORTED_VERSION -> -+ lists:member(Version, Versions); -+is_acceptable_version({N,M} = Version, Versions) -+ when N == ?LOWEST_MAJOR_SUPPORTED_VERSION andalso M >= ?LOWEST_MINOR_SUPPORTED_VERSION -> - lists:member(Version, Versions); - is_acceptable_version(_,_) -> - false. |