Skip to content

C
cpython
Commit a2eb0a44 authored by Antoine Pitrou's avatar Antoine Pitrou
Browse files
Options

Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.

parent 43237ce4
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 1 deletion
Misc/NEWS
View file @ a2eb0a44
...@@ -13,6 +13,9 @@ Core and Builtins ...@@ -13,6 +13,9 @@ Core and Builtins
Library Library
------- -------
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
What's New in Python 2.6.7? What's New in Python 2.6.7?
=========================== ===========================
......
Modules/_ssl.c
View file @ a2eb0a44
...@@ -357,7 +357,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file, ...@@ -357,7 +357,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
} }
/* ssl compatibility */ /* ssl compatibility */
SSL_CTX_set_options(self->ctx, SSL_OP_ALL); SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE; verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL) if (certreq == PY_SSL_CERT_OPTIONAL)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7