diff options
| author | Kaleb S. KEITHLEY <kkeithle@redhat.com> | 2014-10-22 10:25:29 -0400 |
|---|---|---|
| committer | Kaleb KEITHLEY <kkeithle@redhat.com> | 2014-10-29 10:31:40 -0700 |
| commit | 4dc4325a4c643b25fa7b670a30cf253491740d97 (patch) | |
| tree | 41a9d908b750a833f9ef03b820e48fab199ec63f /xlators/cluster/afr/src/afr-common.c | |
| parent | fe3e541ac559c975f7b27cb07834c572db1c4465 (diff) | |
socket: disallow CBC cipher modes
This is related to CVE-2014-3566 a.k.a. POODLE.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
POODLE is specific to CBC cipher modes in SSLv3. Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes. The default cipher-mode specification in our code has been
changed accordingly.
cherry picked from http://review.gluster.org/#/c/8962/
BZ 1155328
Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb
BUG: 1155630
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/8967
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'xlators/cluster/afr/src/afr-common.c')
0 files changed, 0 insertions, 0 deletions