From bdca70b330eaaab86c88c7578aa1f18cf36ca80d Mon Sep 17 00:00:00 2001
From: Calum Lind <calumlind+deluge@gmail.com>
Date: Wed, 15 Oct 2014 18:44:02 +0100
Subject: [PATCH] [WebUI] Security update for POODLE vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

WebUI with HTTPS enabled is vulnerable to POODLE (CVE­-2014­-3566), so switch from
SSLv3 to TLSv1.
---
 deluge/ui/web/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py
index 8ec1acc71..f99daa138 100644
--- a/deluge/ui/web/server.py
+++ b/deluge/ui/web/server.py
@@ -542,7 +542,7 @@ class ServerContextFactory:
 
     def getContext(self):  # NOQA
         """Creates an SSL context."""
-        ctx = SSL.Context(SSL.SSLv3_METHOD)
+        ctx = SSL.Context(SSL.TLSv1_METHOD)
         deluge_web = component.get("DelugeWeb")
         log.debug("Enabling SSL using:")
         log.debug("Pkey: %s", deluge_web.pkey)