[security][patch] Remove SSLv2 and SSLv3 from PHP

interfasys

  1. Compile OpenSSL without SSLv2 and without SSLv3
  2. Add this patch to custombuild (via your preferred method)

Patch
Code:
--- php-broken/ext/openssl/xp_ssl.c.orig        2014-08-16 16:57:27.552313052 +0200
+++ php-secure/ext/openssl/xp_ssl.c     2014-08-16 17:05:28.821828891 +0200
@@ -339,9 +339,14 @@
                        break;
 #endif
                case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+#ifdef OPENSSL_NO_SSL3
+                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+                        return -1;
+#else
                        sslsock->is_client = 1;
                        method = SSLv3_client_method();
                        break;
+#endif
                case STREAM_CRYPTO_METHOD_TLS_CLIENT:
                        sslsock->is_client = 1;
                        method = TLSv1_client_method();
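Review bot: The `STREAM_CRYPTO_METHOD_TLS_CLIENT` case directly below the new guard still selects `TLSv1_client_method()`, which in OpenSSL is fixed to TLS 1.0, so with SSLv3 gone a client on this path cannot negotiate TLS 1.1 or 1.2. If the aim is to retire weak protocol versions, this case is worth revisiting in the same patch, for example with the version-flexible method plus options that disable the SSL versions. That would change what the TLS client transport negotiates, so it needs a compatibility check first. At minimum, a comment such as `/* TLSv1_client_method() pins TLS 1.0 only */` above the assignment would make the limit visible. The enclosing switch starts and ends outside this hunk.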
@@ -351,9 +356,14 @@
                        method = SSLv23_server_method();
                        break;
                case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
+#ifdef OPENSSL_NO_SSL3
+                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+                        return -1;
+#else
                        sslsock->is_client = 0;
                        method = SSLv3_server_method();
                        break;
+#endif
                case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
 #ifdef OPENSSL_NO_SSL2
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
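Review bot: The new `OPENSSL_NO_SSL3` guard is compile-time only, so against an OpenSSL that still ships SSLv3 this case behaves as before. `SSLv23_server_method()` in the context lines above would then still accept SSLv3 handshakes. The client-side hunk has the same property. To make the removal independent of how the library was built, the context created from `method` could also get `SSL_CTX_set_options(<ctx>, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, where `<ctx>` is a placeholder for the function's own context variable. That setup code is outside this hunk and not visible here, so the exact placement needs checking against the full function.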

https://bugs.php.net/bug.php?id=67850
 