Browse Source

[mod_openssl] disable SSL3 by default

personal/stbuehler/wip
Stefan Bühler 9 years ago
parent
commit
c51d89fe6e
  1. 2
      src/modules/mod_openssl.c

2
src/modules/mod_openssl.c

@ -473,7 +473,7 @@ static gboolean openssl_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
*ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM",
*pemfile = NULL, *ca_file = NULL, *client_ca_file = NULL, *dh_params_file = NULL;
long
options = SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE
options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE
#ifdef SSL_OP_NO_COMPRESSION
| SSL_OP_NO_COMPRESSION
#endif

Loading…
Cancel
Save