Merge remote-tracking branch 'origin/stable/10' into devel

author: Renato Botelho <renato@netgate.com> 2016-03-02 14:39:21 -0300
committer: Renato Botelho <renato@netgate.com> 2016-03-02 14:39:21 -0300
commit: 065e672a01ab2d9ebfed1dccb588be99bd5bc73a (patch)
tree: d9dac06d252aac65ba30921226a2f5f5d63c1bb1 /crypto/openssl/ssl/ssl_lib.c
parent: b4655eb4fab0c00a03febe9ef8caad97c0026fe5 (diff)
parent: 73af9669cdc04af0c06344ce6f0d85808187eab3 (diff)
download: FreeBSD-src-065e672a01ab2d9ebfed1dccb588be99bd5bc73a.zip
FreeBSD-src-065e672a01ab2d9ebfed1dccb588be99bd5bc73a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 93d1cbe..33c52ac 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1896,6 +1896,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      */
     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
 
+    /*
+     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+     * explicitly clear this option via either of SSL_CTX_clear_options() or
+     * SSL_clear_options().
+     */
+    ret->options |= SSL_OP_NO_SSLv2;
+
     return (ret);
  err:
     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
author	Renato Botelho <renato@netgate.com>	2016-03-02 14:39:21 -0300
committer	Renato Botelho <renato@netgate.com>	2016-03-02 14:39:21 -0300
commit	065e672a01ab2d9ebfed1dccb588be99bd5bc73a (patch)
tree	d9dac06d252aac65ba30921226a2f5f5d63c1bb1 /crypto/openssl/ssl/ssl_lib.c
parent	b4655eb4fab0c00a03febe9ef8caad97c0026fe5 (diff)
parent	73af9669cdc04af0c06344ce6f0d85808187eab3 (diff)
download	FreeBSD-src-065e672a01ab2d9ebfed1dccb588be99bd5bc73a.zip FreeBSD-src-065e672a01ab2d9ebfed1dccb588be99bd5bc73a.tar.gz