From 0060abf9aae0049c082c9948658eea7df848ab6e Mon Sep 17 00:00:00 2001
From: Romain Rigaux
Date: Mon, 27 Oct 2014 18:02:32 -0700
Subject: [PATCH] HUE-2438 [core] Disable SSLv3 for Poodle vulnerability Also disable SSLv2. https://pythonhosted.org/pyOpenSSL/api/ssl.html#OpenSSL.SSL.OP_NO_SSLv2
---
 desktop/core/src/desktop/lib/wsgiserver.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/desktop/core/src/desktop/lib/wsgiserver.py b/desktop/core/src/desktop/lib/wsgiserver.py
index af21fc24ba0..e771caecc31 100644
--- a/desktop/core/src/desktop/lib/wsgiserver.py
+++ b/desktop/core/src/desktop/lib/wsgiserver.py
@@ -1667,6 +1667,7 @@ def _bind(self, family, type, proto=0):
 ctx.set_cipher_list(self.ssl_cipher_list)
 ctx.use_privatekey_file(self.ssl_private_key)
 ctx.use_certificate_file(self.ssl_certificate)
+ ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
 self.socket = SSLConnection(ctx, self.socket)
 self.populate_ssl_environ()
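Review bot: The added `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` call in `_bind` has no comment explaining why the flags are set. It also only restricts the handshake to TLS if `ctx` was created with a version-negotiating method, which is decided above the hunk and is not visible here. I would put `# POODLE (HUE-2438): refuse SSLv2/SSLv3 so only TLS is negotiated; relies on ctx using a negotiating method such as SSL.SSLv23_METHOD` directly above the call and confirm the `SSL.Context(...)` constructor matches. The neighbouring cipher list is configurable through `self.ssl_cipher_list`, whereas this protocol floor is hard-coded, so the deployment docs should mention that SSLv3-only clients will now fail the handshake. `_bind` starts and ends outside the hunk.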