1 Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".
3 This change has been passed upstream.
5 --- lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c 2018-05-04 22:07:43.000000000 +0000
6 +++ lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c.new 2019-03-15 20:58:10.952164881 +0000
7 @@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void)
9 SSLeay_add_ssl_algorithms();
10 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) {
11 -#ifdef SSL_OP_NO_SSLv2
12 - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
14 - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
16 + /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
17 + SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
18 #ifdef SSL_OP_NO_COMPRESSION
19 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);