Enforce TLSv1 in soledad server (#6437).

author: drebs <drebs@leap.se> 2014-11-26 20:20:52 -0200
committer: drebs <drebs@leap.se> 2014-11-28 09:39:45 -0200
commit: 17682563bd30e780cf7d620624a856376d257e83 (patch)
tree: 1446c8555f43d44a11ef04766b539b23cd9fb1d3
parent: 4e90feb613da4f1f5221f3fed401d52dbf8f5e2b (diff)
2 files changed, 3 insertions, 1 deletions
diff --git a/server/changes/bug_6437_avoid-sslv3 b/server/changes/bug_6437_avoid-sslv3
new file mode 100644
index 00000000..5d41fbb3
--- /dev/null
+++ b/server/changes/bug_6437_avoid-sslv3
@@ -0,0 +1 @@
+  o Avoid use of SSLv3 (#6437).
diff --git a/server/pkg/soledad b/server/pkg/soledad
index 841233d1..62b7c5f8 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad
@@ -19,6 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem
 PRIVKEY_PATH=/etc/leap/soledad-server.key
 TWISTD_PATH=/usr/bin/twistd
 HOME=/var/lib/soledad/
+SSL_METHOD=TLSv1_METHOD
 
 [ -r /etc/default/soledad ] && . /etc/default/soledad
 
@@ -35,7 +36,7 @@ case "$1" in
             --logfile=$LOGFILE \
             web \
             --wsgi=$OBJ \
-            --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH
+            --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD}
         echo "."
     ;;
author	drebs <drebs@leap.se>	2014-11-26 20:20:52 -0200
committer	drebs <drebs@leap.se>	2014-11-28 09:39:45 -0200
commit	17682563bd30e780cf7d620624a856376d257e83 (patch)
tree	1446c8555f43d44a11ef04766b539b23cd9fb1d3
parent	4e90feb613da4f1f5221f3fed401d52dbf8f5e2b (diff)