[oe-commits] Brendan Le Foll : openssl: disable SSLv3 by default
git at git.openembedded.org
git at git.openembedded.org
Thu Feb 19 07:52:15 UTC 2015
Module: openembedded-core.git
Branch: master-next
Commit: 4e691d06ffdb4d1fd940996f419308fe53454df7
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=4e691d06ffdb4d1fd940996f419308fe53454df7
Author: Brendan Le Foll <brendan.le.foll at intel.com>
Date: Mon Feb 16 11:18:29 2015 +0000
openssl: disable SSLv3 by default
Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable
SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <brendan.le.foll at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/recipes-connectivity/openssl/openssl.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 6eb1b5e..ba9bca6 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
+
do_configure_prepend_darwin () {
sed -i -e '/version-script=openssl\.ld/d' Configure
}
More information about the Openembedded-commits
mailing list