From 7b856fb21dd11cf0527092cfdad0c2093bf64697 Mon Sep 17 00:00:00 2001
From: Brian Drawert
Date: Sat, 28 Mar 2015 13:22:08 -0700
Subject: [PATCH] Fix for CVE-2014-3566 'POODLE' SSL attack, original commit '22c4922f4796078c5613de9e07e66b8764549cad'
---
 IPython/html/notebookapp.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/IPython/html/notebookapp.py b/IPython/html/notebookapp.py
index 8a3a2213d..ce9952133 100644
--- a/IPython/html/notebookapp.py
+++ b/IPython/html/notebookapp.py
@@ -19,6 +19,7 @@ import re
 import select
 import signal
 import socket
+import ssl
 import sys
 import threading
 import webbrowser
@@ -846,6 +847,9 @@ class NotebookApp(BaseIPythonApplication):
 if not ssl_options:
 # None indicates no SSL config
 ssl_options = None
+ else:
+ # Disable SSLv3, since its use is discouraged.
+ ssl_options['ssl_version']=ssl.PROTOCOL_TLSv1
 self.login_handler_class.validate_security(self, ssl_options=ssl_options)
 self.http_server = httpserver.HTTPServer(self.web_app, ssl_options=ssl_options,
 xheaders=self.trust_xheaders)
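Review bot: `ssl_options['ssl_version']=ssl.PROTOCOL_TLSv1` in the new `else:` branch pins the server to TLS 1.0 exactly, so it refuses SSLv3 but also refuses to negotiate TLS 1.1 or 1.2 with clients that support them. Where the runtime's `ssl` module provides `SSLContext`, the more durable form is to negotiate with `ssl.PROTOCOL_SSLv23` and set `ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` on the context, keeping the TLSv1 pin only as a fallback; whether the Tornado version in use accepts a context for `ssl_options` needs checking. The comment would also serve maintainers better if it named the reason and the trade-off, e.g. `# Refuse SSLv3 (CVE-2014-3566, POODLE); note this pins TLS 1.0 only.` The enclosing method begins above the hunk, so how `ssl_options` is populated before this branch is not visible here.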