polarssl: disable SSLv3 support, fixes CVE-2014-3566 (POODLE)

[15.05/openwrt.git] / package / libs / polarssl / patches / 100-disable_sslv3.patch

diff --git a/package/libs/polarssl/patches/100-disable_sslv3.patch b/package/libs/polarssl/patches/100-disable_sslv3.patch
new file mode 100644 (file)
index 0000000..06312f3
--- /dev/null
+++ b/package/libs/polarssl/patches/100-disable_sslv3.patch
@@ -0,0 +1,12 @@
+--- a/include/polarssl/config.h
++++ b/include/polarssl/config.h
+@@ -859,8 +859,8 @@
+  *           POLARSSL_SHA1_C
+  *
+  * Comment this macro to disable support for SSL 3.0
+- */
+ #define POLARSSL_SSL_PROTO_SSL3
++ */
+ 
+ /**
+  * \def POLARSSL_SSL_PROTO_TLS1