HUE-2438 [core] Disable SSLv3 for Poodle vulnerability

Also disable SSLv2. https://pythonhosted.org/pyOpenSSL/api/ssl.html#OpenSSL.SSL.OP_NO_SSLv2
cloudera · Oct 28, 2014 · 0060abf · 0060abf
1 parent 1b64d0c
commit 0060abf
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/desktop/core/src/desktop/lib/wsgiserver.py b/desktop/core/src/desktop/lib/wsgiserver.py
@@ -1667,6 +1667,7 @@ def _bind(self, family, type, proto=0):
             ctx.set_cipher_list(self.ssl_cipher_list)
             ctx.use_privatekey_file(self.ssl_private_key)
             ctx.use_certificate_file(self.ssl_certificate)
+            ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
             self.socket = SSLConnection(ctx, self.socket)
             self.populate_ssl_environ()