Disable python2.6 ssl3 protocol in centos6

wget http://vault.centos.org/6.5/updates/Source/SPackages/python-2.6.6-52.el6.src.rpm
mkdir -p ~/rpmbuild/SOURCES
cd ~/rpmbuild/SOURCES
wget http://vault.centos.org/6.5/updates/Source/SPackages/python-2.6.6-52.el6.src.rpm
rpm2cpio python-2.6.6-52.el6.src.rpm | cpio -idmv

--- /dev/null
+++ b/SOURCES/python-2.6-disable-ssl3.patch
@@ -0,0 +1,17 @@
+--- Python-2.6.6.orig/Modules/_ssl.c
++++ Python-2.6.6/Modules/_ssl.c
+@@ -359,7 +386,12 @@ newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file,
+     }
+ 
+     /* ssl compatibility */
+-    SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
++    long options = SSL_OP_ALL;
++    if (proto_version != PY_SSL_VERSION_SSL2)
++        options |= SSL_OP_NO_SSLv2;
++    if (proto_version != PY_SSL_VERSION_SSL3)
++        options |= SSL_OP_NO_SSLv3;
++    SSL_CTX_set_options(self->ctx, options);
+ 
+     verification_mode = SSL_VERIFY_NONE;
+     if (certreq == PY_SSL_CERT_OPTIONAL)
+
--- a/SOURCES.bak/python.spec
+++ b/SOURCES/python.spec
@@ -47,7 +47,7 @@
 Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 Version: 2.6.6
-Release: 52%{?dist}
+Release: 52%{?dist}_1
 License: Python
 Group: Development/Languages
 Provides: python-abi = %{pybasever}
@@ -453,6 +453,7 @@ Patch171: python-2.6.6-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
 # (rhbz#1002983)
 Patch172: python-2.6.6-ssl-memory-leak-_get_peer_alt_names.patch
 
+Patch10000: python-2.6-disable-ssl3.patch
 
 # The core python package contains just the executable and manpages; most of
 # the content is now in the -libs subpackage.
@@ -790,6 +791,8 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
 
 %patch172 -p1
 
+%patch10000 -p1
+
 # Don't build these crypto algorithms; instead rely on _hashlib and OpenSSL:
 for f in md5module.c md5.c shamodule.c sha256module.c sha512module.c; do
     rm Modules/$f

patch < ~/disable-ssl3.patch

rpmbuild -ba python.spec

openssl s_client -connect ip:port -ssl3

Recommended Posts