From c51d89fe6ea2acad4fb67d1786330a924f0e352a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Fri, 9 Aug 2013 00:23:33 +0200
Subject: [PATCH] [mod_openssl] disable SSL3 by default

---
 src/modules/mod_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/mod_openssl.c b/src/modules/mod_openssl.c
index d93b910..7a34e56 100644
--- a/src/modules/mod_openssl.c
+++ b/src/modules/mod_openssl.c
@@ -473,7 +473,7 @@ static gboolean openssl_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 		*ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM",
 		*pemfile = NULL, *ca_file = NULL, *client_ca_file = NULL, *dh_params_file = NULL;
 	long
-		options = SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE
+		options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE
 #ifdef SSL_OP_NO_COMPRESSION
 			| SSL_OP_NO_COMPRESSION
 #endif