1 Index: ckermit/ck_ssl.c
2 ===================================================================
3 --- ckermit.orig/ck_ssl.c
5 @@ -1604,10 +1604,12 @@ ssl_tn_init(mode) int mode;
6 /* This can fail because we do not have RSA available */
8 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
10 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
13 debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
18 @@ -1630,10 +1632,14 @@ ssl_tn_init(mode) int mode;
19 debug(F110,"ssl_tn_init","SSLv23_client_method OK",0);
21 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
22 +#ifndef DISABLE_SSLV3
23 tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
24 +#endif /* DISABLE_SSLV3 */
26 +#ifndef DISABLE_SSLV3
28 - "ssl_tn_init","TLSv1_client_method failed",0);
29 + "ssl_tn_init","SSLv3_client_method failed",0);
30 +#endif /* DISABLE_SSLV3 */
32 "ssl_tn_init","All SSL client methods failed",0);
34 @@ -1651,10 +1657,12 @@ ssl_tn_init(mode) int mode;
35 /* This can fail because we do not have RSA available */
37 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
38 +#ifndef DISABLE_SSLV3
39 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
42 debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
47 @@ -1688,9 +1696,17 @@ ssl_tn_init(mode) int mode;
48 * that cannot read poorly written specs :-)
49 * for TLS be sure to prevent use of SSLv2
51 - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL|SSL_OP_NO_SSLv2);
52 + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL|SSL_OP_NO_SSLv2
57 SSL_CTX_set_options(tls_ctx,
58 - SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
59 + SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
65 SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
66 SSL_CTX_set_info_callback(tls_ctx,ssl_client_info_callback);
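Review bot: The comment above both calls still reads `for TLS be sure to prevent use of SSLv2`, but the rewritten option lists are left open for a continuation that is not visible here, presumably a `DISABLE_SSLV3`-guarded `SSL_OP_NO_SSLv3` as in the ckcftp.c hunks. If that is the case, the comment should say so, e.g. `* for TLS be sure to prevent use of SSLv2 (and SSLv3 when DISABLE_SSLV3 is defined)`; the same applies to the `tls_http_ctx` call in the ssl_http_init hunk. Separately, `SSL_OP_EPHEMERAL_RSA` is carried onto the new lines; OpenSSL documents that option as breaking the SSL/TLS specifications and advises against it, so it is worth dropping while these lines are being touched. ssl_tn_init's body extends beyond the hunk.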
67 @@ -2215,7 +2231,11 @@ ssl_http_init(hostname) char * hostname;
68 * for TLS be sure to prevent use of SSLv2
70 SSL_CTX_set_options(tls_http_ctx,
71 - SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
72 + SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
78 SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
80 Index: ckermit/ckcftp.c
81 ===================================================================
82 --- ckermit.orig/ckcftp.c
84 @@ -10210,9 +10210,11 @@ ssl_auth() {
85 if (ftp_bug_use_ssl_v2) {
86 /* allow SSL 2.0 or later */
87 client_method = SSLv23_client_method();
88 +#ifndef DISABLE_SSLV3
89 } else if (ftp_bug_use_ssl_v3) {
90 /* allow SSL 3.0 ONLY - previous default */
91 client_method = SSLv3_client_method();
92 +#endif /* DISABLE_SSLV3 */
94 /* default - allow TLS 1.0 or later */
95 client_method = TLSv1_client_method();
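Review bot: The default branch keeps `client_method = TLSv1_client_method();` under the comment `allow TLS 1.0 or later`, but in OpenSSL the version-specific `TLSv1_client_method()` speaks TLS 1.0 only, so with SSLv3 compiled out the client stays pinned to a single old protocol version. Consider `client_method = SSLv23_client_method();` for the default, with `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` applied unconditionally on that path, so the peer can negotiate newer TLS versions while the floor stays at TLS 1.0. Also, when `DISABLE_SSLV3` is defined, a caller who set `ftp_bug_use_ssl_v3` falls through to this branch with no diagnostic; a debug message noting that the setting is ignored would help troubleshooting. ssl_auth's body extends beyond the hunk.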
96 @@ -10223,6 +10225,9 @@ ssl_auth() {
98 SSL_CTX_set_options(ssl_ftp_ctx,
99 SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
100 +#ifdef DISABLE_SSLV3
101 + |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
105 ssl_ftp_ctx = SSL_CTX_new(client_method);
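Review bot: The block guarded by `DISABLE_SSLV3` also ORs in `SSL_OP_NO_SSLv2`, so a macro named for SSLv3 changes SSLv2 behaviour as well, and nothing at the site says so. In the following hunk this makes `(ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)` a no-op whenever the macro is defined, while the earlier branch still describes `ftp_bug_use_ssl_v2` as `allow SSL 2.0 or later`. A one-line comment such as `/* DISABLE_SSLV3 also forces SSLv2 off; ftp_bug_use_ssl_v2 has no effect on the options */` would make that explicit. The `#endif` closing the guard is not visible in this view, and ssl_auth's body extends beyond the hunk.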
106 @@ -10231,6 +10236,9 @@ ssl_auth() {
107 SSL_CTX_set_options(ssl_ftp_ctx,
108 (ftp_bug_use_ssl_v2 ? 0 : SSL_OP_NO_SSLv2)|
109 SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
110 +#ifdef DISABLE_SSLV3
111 + |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
115 SSL_CTX_set_default_passwd_cb(ssl_ftp_ctx,