diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2012-01-27 08:44:08 (GMT) |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2012-01-27 08:44:08 (GMT) |
| commit | 374b4ea9da3dfa92641fff91015246a5ef6b27fb (patch) | |
| tree | e44c207d57f785cd6fa1775d2f3287615da46a4b /Modules | |
| parent | 64b2b6a84d48ba0ddfdfc1cdde20d2932562a1b0 (diff) | |
| parent | d358e0554bc520768041652676ec8e6076f221a9 (diff) | |
| download | cpython-374b4ea9da3dfa92641fff91015246a5ef6b27fb.zip cpython-374b4ea9da3dfa92641fff91015246a5ef6b27fb.tar.gz cpython-374b4ea9da3dfa92641fff91015246a5ef6b27fb.tar.bz2 | |
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_ssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index becf6a5..eaf67c4 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -369,7 +369,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file, } /* ssl compatibility */ - SSL_CTX_set_options(self->ctx, SSL_OP_ALL); + SSL_CTX_set_options(self->ctx, + SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); verification_mode = SSL_VERIFY_NONE; if (certreq == PY_SSL_CERT_OPTIONAL) |