| commit | d358e0554bc520768041652676ec8e6076f221a9 | [log] [tgz] |
|---|---|---|
| author | Antoine Pitrou <solipsis@pitrou.net> | Fri Jan 27 09:42:45 2012 +0100 |
| committer | Antoine Pitrou <solipsis@pitrou.net> | Fri Jan 27 09:42:45 2012 +0100 |
| tree | dddbd92a0b1a033e8fc0e3e0b448d4eb31e1bff1 | |
| parent | 141e770e8f351726d983a489bdc81ce1a29b4005 [diff] [blame] |
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 4619cda..46f71e8 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c
@@ -357,7 +357,8 @@ } /* ssl compatibility */ - SSL_CTX_set_options(self->ctx, SSL_OP_ALL); + SSL_CTX_set_options(self->ctx, + SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); verification_mode = SSL_VERIFY_NONE; if (certreq == PY_SSL_CERT_OPTIONAL)