Merge OpenSSL 1.0.1s. This is a security update.

Relnotes: yes Approved by: re (so@ implicit)
author: delphij <delphij@FreeBSD.org> 2016-03-02 15:43:01 +0000
committer: delphij <delphij@FreeBSD.org> 2016-03-02 15:43:01 +0000
commit: 73af9669cdc04af0c06344ce6f0d85808187eab3 (patch)
tree: f76285aeef43941ffcb77e3220027526a2c2c421 /crypto/openssl/ssl/ssl_lib.c
parent: 3b4b162df0228ed74a1e63eccc7315071254344f (diff)
download: FreeBSD-src-73af9669cdc04af0c06344ce6f0d85808187eab3.zip
FreeBSD-src-73af9669cdc04af0c06344ce6f0d85808187eab3.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 93d1cbe..33c52ac 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1896,6 +1896,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      */
     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
 
+    /*
+     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+     * explicitly clear this option via either of SSL_CTX_clear_options() or
+     * SSL_clear_options().
+     */
+    ret->options |= SSL_OP_NO_SSLv2;
+
     return (ret);
  err:
     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
author	delphij <delphij@FreeBSD.org>	2016-03-02 15:43:01 +0000
committer	delphij <delphij@FreeBSD.org>	2016-03-02 15:43:01 +0000
commit	73af9669cdc04af0c06344ce6f0d85808187eab3 (patch)
tree	f76285aeef43941ffcb77e3220027526a2c2c421 /crypto/openssl/ssl/ssl_lib.c
parent	3b4b162df0228ed74a1e63eccc7315071254344f (diff)
download	FreeBSD-src-73af9669cdc04af0c06344ce6f0d85808187eab3.zip FreeBSD-src-73af9669cdc04af0c06344ce6f0d85808187eab3.tar.gz