From c88472a94c15adef4275242934f2a3eec9778dd4 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Wed, 26 Nov 2014 20:20:52 -0200
Subject: Enforce TLSv1 in soledad server (#6437).

---
 server/changes/bug_6437_avoid-sslv3 | 1 +
 server/pkg/soledad                  | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 server/changes/bug_6437_avoid-sslv3

diff --git a/server/changes/bug_6437_avoid-sslv3 b/server/changes/bug_6437_avoid-sslv3
new file mode 100644
index 00000000..5d41fbb3
--- /dev/null
+++ b/server/changes/bug_6437_avoid-sslv3
@@ -0,0 +1 @@
+  o Avoid use of SSLv3 (#6437).
diff --git a/server/pkg/soledad b/server/pkg/soledad
index 841233d1..62b7c5f8 100644
--- a/server/pkg/soledad
+++ b/server/pkg/soledad
@@ -19,6 +19,7 @@ CERT_PATH=/etc/leap/soledad-server.pem
 PRIVKEY_PATH=/etc/leap/soledad-server.key
 TWISTD_PATH=/usr/bin/twistd
 HOME=/var/lib/soledad/
+SSL_METHOD=TLSv1_METHOD
 
 [ -r /etc/default/soledad ] && . /etc/default/soledad
 
@@ -35,7 +36,7 @@ case "$1" in
             --logfile=$LOGFILE \
             web \
             --wsgi=$OBJ \
-            --port=ssl:$HTTPS_PORT:privateKey=$PRIVKEY_PATH:certKey=$CERT_PATH
+            --port=ssl:${HTTPS_PORT}:privateKey=${PRIVKEY_PATH}:certKey=${CERT_PATH}:sslmethod=${SSL_METHOD}
         echo "."
     ;;
 
-- 
cgit v1.2.3