Mercurial > cpython
changeset 74645:9a4131ada792 2.6
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. [#13885]
| author | Antoine Pitrou <solipsis@pitrou.net> |
|---|---|
| date | Fri, 27 Jan 2012 09:42:45 +0100 |
| parents | 62fa61f2ee7d |
| children | 8dec547c23d3 24244a744d01 |
| files | Misc/NEWS Modules/_ssl.c |
| diffstat | 2 files changed, 5 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -13,6 +13,9 @@ Core and Builtins Library ------- +- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC + IV attack countermeasure. + What's New in Python 2.6.7? ===========================
--- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -357,7 +357,8 @@ newPySSLObject(PySocketSockObject *Sock, } /* ssl compatibility */ - SSL_CTX_set_options(self->ctx, SSL_OP_ALL); + SSL_CTX_set_options(self->ctx, + SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); verification_mode = SSL_VERIFY_NONE; if (certreq == PY_SSL_CERT_OPTIONAL)