build,src: remove sslv3 support

SSLv3 is susceptible to downgrade attacks. Provide secure defaults, disable v3 protocol support entirely. PR-URL: https://github.com/iojs/io.js/pull/315 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com>
author: Ben Noordhuis <info@bnoordhuis.nl> 2015-01-13 00:45:31 +0100
committer: Ben Noordhuis <info@bnoordhuis.nl> 2015-01-13 01:59:30 +0100
commit: 5165d71048a0cc20c319fcd62ac4c50465ff0414 (patch)
tree: ce05b41dab1258a2f83c7427d5125560d14029fa /deps/openssl/openssl.gyp
parent: 635337f953aac7ae26d1c19630e7f940dbfc3120 (diff)
download: android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.gz
android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.bz2
android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
index 93f7f740ee..6b644ab253 100644
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@@ -1098,6 +1098,9 @@
       # twenty years now.
       'OPENSSL_NO_SSL2',
 
+      # SSLv3 is susceptible to downgrade attacks (POODLE.)
+      'OPENSSL_NO_SSL3',
+
       # Heartbeat is a TLS extension, that couldn't be turned off or
       # asked to be not advertised. Unfortunately this is unacceptable for
       # Microsoft's IIS, which seems to be ignoring whole ClientHello after
author	Ben Noordhuis <info@bnoordhuis.nl>	2015-01-13 00:45:31 +0100
committer	Ben Noordhuis <info@bnoordhuis.nl>	2015-01-13 01:59:30 +0100
commit	5165d71048a0cc20c319fcd62ac4c50465ff0414 (patch)
tree	ce05b41dab1258a2f83c7427d5125560d14029fa /deps/openssl/openssl.gyp
parent	635337f953aac7ae26d1c19630e7f940dbfc3120 (diff)
download	android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.gz android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.tar.bz2 android-node-v8-5165d71048a0cc20c319fcd62ac4c50465ff0414.zip