diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-13 00:45:31 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-13 01:59:30 +0100 |
commit | 5165d71048a0cc20c319fcd62ac4c50465ff0414 (patch) | |
tree | ce05b41dab1258a2f83c7427d5125560d14029fa /deps/openssl/openssl.gyp | |
parent | 635337f953aac7ae26d1c19630e7f940dbfc3120 (diff) | |
download | android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.gz android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.bz2 android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.zip |
build,src: remove sslv3 support
SSLv3 is susceptible to downgrade attacks. Provide secure defaults,
disable v3 protocol support entirely.
PR-URL: https://github.com/iojs/io.js/pull/315
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Diffstat (limited to 'deps/openssl/openssl.gyp')
-rw-r--r-- | deps/openssl/openssl.gyp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp index 93f7f740ee..6b644ab253 100644 --- a/deps/openssl/openssl.gyp +++ b/deps/openssl/openssl.gyp @@ -1098,6 +1098,9 @@ # twenty years now. 'OPENSSL_NO_SSL2', + # SSLv3 is susceptible to downgrade attacks (POODLE.) + 'OPENSSL_NO_SSL3', + # Heartbeat is a TLS extension, that couldn't be turned off or # asked to be not advertised. Unfortunately this is unacceptable for # Microsoft's IIS, which seems to be ignoring whole ClientHello after |