summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2012-01-27 08:48:47 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2012-01-27 08:48:47 (GMT)
commitf2bf8a6ac51530e14d798a03c8e950dd934d85cd (patch)
tree3a1cc25e0096d15d7158f43ceb0a8b786b04b17b /Modules
parent889bb2969d00a548279c7e4dd237c23b100548e2 (diff)
downloadcpython-f2bf8a6ac51530e14d798a03c8e950dd934d85cd.zip
cpython-f2bf8a6ac51530e14d798a03c8e950dd934d85cd.tar.gz
cpython-f2bf8a6ac51530e14d798a03c8e950dd934d85cd.tar.bz2
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
Diffstat (limited to 'Modules')
-rw-r--r--Modules/_ssl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 8ebdc9b..16fbb4d 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -365,7 +365,8 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
}
/* ssl compatibility */
- SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
+ SSL_CTX_set_options(self->ctx,
+ SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL)