From a36c8480683d1e2832057c003b4e334e34de3ca2 2015-03-28 20:22:08
From: Brian Drawert <bdrawert@cs.ucsb.edu>
Date: 2015-03-28 20:22:08
Subject: [PATCH] Fix for CVE-2014-3566 'POODLE' SSL attack, original commit '22c4922f4796078c5613de9e07e66b8764549cad'

---

diff --git a/IPython/html/notebookapp.py b/IPython/html/notebookapp.py
index 8a3a221..ce99521 100644
--- a/IPython/html/notebookapp.py
+++ b/IPython/html/notebookapp.py
@@ -19,6 +19,7 @@ import re
 import select
 import signal
 import socket
+import ssl
 import sys
 import threading
 import webbrowser
@@ -846,6 +847,9 @@ class NotebookApp(BaseIPythonApplication):
         if not ssl_options:
             # None indicates no SSL config
             ssl_options = None
+        else:
+            # Disable SSLv3, since its use is discouraged.
+            ssl_options['ssl_version']=ssl.PROTOCOL_TLSv1
         self.login_handler_class.validate_security(self, ssl_options=ssl_options)
         self.http_server = httpserver.HTTPServer(self.web_app, ssl_options=ssl_options,
                                                  xheaders=self.trust_xheaders)