From patchwork Mon Aug 6 19:02:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrell Ball X-Patchwork-Id: 954179 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="MTlGQIFe"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41kn8x5SXBz9s4c for ; Tue, 7 Aug 2018 05:02:56 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id C464AD38; Mon, 6 Aug 2018 19:02:54 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 7FD9394B for ; Mon, 6 Aug 2018 19:02:53 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f193.google.com (mail-pg1-f193.google.com [209.85.215.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4CF991FB for ; Mon, 6 Aug 2018 19:02:53 +0000 (UTC) Received: by mail-pg1-f193.google.com with SMTP id z8-v6so6627368pgu.8 for ; Mon, 06 Aug 2018 12:02:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=5LR5DThed13OKF+KBzw/V53c29oQgfKuIrMBDxE4C64=; b=MTlGQIFed9/R+i0p9HAzwxvWoMrNu44F1YNyL7obqL2jb78/r74WjtEYH7EKEXAbPQ OiXcPC/AXxDeWWM53D3UrFSoP25QqU5ptm7D/yXqmg3tGQhbDcmNlLV1NH2DmI/bX0Q8 4aA9QQ0jWM5nWeNtdCig55CZY4DUSH7gnYic6MTZ7Xbs7+x4sXn4bON4whv1JP3OUUwn JbyfLzHP7XXze2jQRWInnvIGa/f5kaup1FHYbO6r2YufWnSBg/K2NEypgWpJR6fiI5mr 6DMa8GEXuftIN3p+FVcHu52eeCqJgHwDl0eJeMGygHCLRKqXSf9JhTkRqVQDokSt4nYb g3Bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=5LR5DThed13OKF+KBzw/V53c29oQgfKuIrMBDxE4C64=; b=G7C/5MfsI5/Qa0qhQ4l1AVWiIUuZVx0xfKZti3DiKot/aUc8mTd40X6Yr6Du7aksYP UJFtfLknGKXwgAYVA+5CHuEM91u/YRetFscDhNIKSacM5138GVfbx/b6lTblVQbALrbl NAQVCTJI1wOTdeYpSKK6F97VOLQNLEbT/UzRaK+9grw/XZETYGjUO60gnJbPh8GDMP/d 2RndgcGyYa1MvakqMZY4BmXbS26i0iF2UskiZsiGlcQstTGaHW0pOHAeZqyQD8a/G3mb RaV+iHKyQm1xoOIf1UKBgxpna8npYZAyjiWwAIZ5lF9MFsL10iueLA7zzYTjtrdOi85i a0jQ== X-Gm-Message-State: AOUpUlGBmkv5viDdpdslYTshO9PP4BxAfPye/ueIQXPVo1ie9DO0l8Bn Y+IXpE9yKPtpZh3XXw/Q3/g= X-Google-Smtp-Source: AAOMgpdPz/e0eNXt6GfLqw+D05jwiTFZHwfs3+7lpw2E5zYCiaaI2nlPAdSg6ywSI4+TqK+rkFx0aw== X-Received: by 2002:a63:b00f:: with SMTP id h15-v6mr15884815pgf.442.1533582172865; Mon, 06 Aug 2018 12:02:52 -0700 (PDT) Received: from ubuntu.localdomain (c-73-162-236-45.hsd1.ca.comcast.net. [73.162.236.45]) by smtp.gmail.com with ESMTPSA id l70-v6sm17121406pge.64.2018.08.06.12.02.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Aug 2018 12:02:51 -0700 (PDT) From: Darrell Ball To: dlu998@gmail.com, dev@openvswitch.org Date: Mon, 6 Aug 2018 12:02:42 -0700 Message-Id: <1533582162-2635-1-git-send-email-dlu998@gmail.com> X-Mailer: git-send-email 1.9.1 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [patch v1] stream-ssl: Revert recent chamge to fix travis builds. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Fixes: ab16d2c2871b ("stream-ssl: Don't enable new TLS versions by default") CC: Timothy Redaelli Signed-off-by: Darrell Ball --- lib/stream-ssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f3d623c..03aa972 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1188,7 +1188,9 @@ stream_ssl_set_protocols(const char *arg) } /* Start with all the flags off and turn them on as requested. */ - long protocol_flags = SSL_OP_NO_SSL_MASK; + long protocol_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1; + protocol_flags |= SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; + char *s = xstrdup(arg); char *save_ptr = NULL;