profiles/base: mask net-libs/gnutls[sslv2,sslv3], dev-libs/openssl[sslv2,sslv3]

Horribly insecure old protocols. Don't allow them to be enabled accidentally by stale configs in make.conf, i.e. make users opt in very explicitly by unmasking if they do need it. Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2023-06-29 11:44:50 +0100
committer: Sam James <sam@gentoo.org> 2023-06-29 11:45:04 +0100
commit: 29772084068486a60f4f8c3470869309b5c4d906 (patch)
tree: 0c5ed701f1c0a0faf58e252ef672b00c686dcc14 /profiles
parent: profiles/base: mask net-misc/curl[sslv3] (diff)
download: gentoo-29772084068486a60f4f8c3470869309b5c4d906.tar.gz
gentoo-29772084068486a60f4f8c3470869309b5c4d906.tar.bz2
gentoo-29772084068486a60f4f8c3470869309b5c4d906.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index b525117a3c16..56b900574092 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -7,6 +7,11 @@
 # mask everywhere, unmask on arch/*) use arch/base.
 
 # Sam James <sam@gentoo.org> (2023-06-29)
+# Insecure old versions of the SSL/TLS protocol.
+net-libs/gnutls sslv2 sslv3
+dev-libs/openssl sslv2 sslv3
+
+# Sam James <sam@gentoo.org> (2023-06-29)
 # Needs <dev-libs/openssl-3 which is EOL beyond September 2023.
 net-misc/curl sslv3
author	Sam James <sam@gentoo.org>	2023-06-29 11:44:50 +0100
committer	Sam James <sam@gentoo.org>	2023-06-29 11:45:04 +0100
commit	29772084068486a60f4f8c3470869309b5c4d906 (patch)
tree	0c5ed701f1c0a0faf58e252ef672b00c686dcc14 /profiles
parent	profiles/base: mask net-misc/curl[sslv3] (diff)
download	gentoo-29772084068486a60f4f8c3470869309b5c4d906.tar.gz gentoo-29772084068486a60f4f8c3470869309b5c4d906.tar.bz2 gentoo-29772084068486a60f4f8c3470869309b5c4d906.zip