Package: syncevolution / 1.4.99.4-3

0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
From 7d2802314406b0d6218bd04889667e38710b414d Mon Sep 17 00:00:00 2001
From: Tino Mettler <tino+debian@tikei.de>
Date: Thu, 4 Dec 2014 17:11:22 +0100
Subject: [PATCH] Use TLS instead of SSLv3 in SyncML server script

This fixes a potential security risk. It also avoids connection problems
with clients that don't support SSLv3 anymore, like the syncevolution SyncML
client itself.

Closes: #772040
---
 test/syncevo-http-server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/syncevo-http-server.py b/test/syncevo-http-server.py
index 57210ae..6c14088 100755
--- a/test/syncevo-http-server.py
+++ b/test/syncevo-http-server.py
@@ -40,7 +40,7 @@ timeout=100000
 
 class ChainedOpenSSLContextFactory(ssl.DefaultOpenSSLContextFactory):
     def __init__(self, privateKeyFileName, certificateChainFileName,
-                 sslmethod = SSL.SSLv3_METHOD):
+                 sslmethod = SSL.TLSv1_METHOD):
         """
         @param privateKeyFileName: Name of a file containing a private key
         @param certificateChainFileName: Name of a file containing a certificate chain
-- 
2.1.3