diff options
author | Brendan Le Foll <brendan.le.foll@intel.com> | 2015-02-16 11:18:29 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-19 07:50:44 +0000 |
commit | 4e691d06ffdb4d1fd940996f419308fe53454df7 (patch) | |
tree | 4038dcf1ff5b0ee2c1a36cdba28d8cec9a6fcd49 /meta/recipes-connectivity/openssl | |
parent | 0d446ef0e5bbca7058eec7259e34f2a1637dfab1 (diff) | |
download | openembedded-core-4e691d06ffdb4d1fd940996f419308fe53454df7.tar.gz openembedded-core-4e691d06ffdb4d1fd940996f419308fe53454df7.tar.bz2 openembedded-core-4e691d06ffdb4d1fd940996f419308fe53454df7.zip |
openssl: disable SSLv3 by default
Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable
SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 6eb1b5eac9..ba9bca6af4 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +EXTRA_OECONF = " -no-ssl3" + do_configure_prepend_darwin () { sed -i -e '/version-script=openssl\.ld/d' Configure } |