Commit f2bf8a6a authored by Antoine Pitrou's avatar Antoine Pitrou

Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.

parent 889bb296
......@@ -13,6 +13,9 @@ Core and Builtins
Library
-------
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
- Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by
Andreas Stührk.
......
......@@ -365,7 +365,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
}
/* ssl compatibility */
SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
SSL_CTX_set_options(self->ctx,
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment