[Python-checkins] cpython (2.6): Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV
antoine.pitrou
python-checkins at python.org
Fri Jan 27 09:49:21 CET 2012
http://hg.python.org/cpython/rev/9a4131ada792
changeset: 74645:9a4131ada792
branch: 2.6
parent: 73245:62fa61f2ee7d
user: Antoine Pitrou <solipsis at pitrou.net>
date: Fri Jan 27 09:42:45 2012 +0100
summary:
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
files:
Misc/NEWS | 3 +++
Modules/_ssl.c | 3 ++-
2 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
Library
-------
+- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
+ IV attack countermeasure.
+
What's New in Python 2.6.7?
===========================
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -357,7 +357,8 @@
}
/* ssl compatibility */
- SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
+ SSL_CTX_set_options(self->ctx,
+ SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
verification_mode = SSL_VERIFY_NONE;
if (certreq == PY_SSL_CERT_OPTIONAL)
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list