From 26f5be17609a8312c4ba06aa120ed208cd7876f2 Mon Sep 17 00:00:00 2001
From: Calum Lind <calumlind+deluge@gmail.com>
Date: Wed, 15 Oct 2014 18:44:02 +0100
Subject: [PATCH] [WebUI] Security update for POODLE vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

WebUI with HTTPS enabled is vulnerable to POODLE (CVE­-2014­-3566), so switch from
SSLv3 to TLSv1.
---
 deluge/ui/web/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py
index 07f9222af..ede561f91 100644
--- a/deluge/ui/web/server.py
+++ b/deluge/ui/web/server.py
@@ -584,7 +584,7 @@ class ServerContextFactory:
 
     def getContext(self):
         """Creates an SSL context."""
-        ctx = SSL.Context(SSL.SSLv3_METHOD)
+        ctx = SSL.Context(SSL.TLSv1_METHOD)
         deluge_web = component.get("DelugeWeb")
         log.debug("Enabling SSL using:")
         log.debug("Pkey: %s", deluge_web.pkey)