Bug #2647

disable sslv3 protocol by default

Added by petrs over 3 years ago. Updated over 3 years ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 2014-10-16
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:

Description

The sslv3 protocol should probably be disabled by default (in the same way as sslv2 is) to mitigate the "POODLE" vulnerability.

In case it's still needed, it can be enabled via:

ssl.use-sslv3 = "enable"

--- src/configfile.c
+++ src/configfile.c
@@ -182,7 +182,7 @@
                s->ssl_honor_cipher_order = 1;
                s->ssl_empty_fragments = 0;
                s->ssl_use_sslv2 = 0;
-               s->ssl_use_sslv3 = 1;
+               s->ssl_use_sslv3 = 0;
                s->use_ipv6      = 0;
                s->set_v6only    = 1;
                s->defer_accept  = 0;
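
Review bot: the new default on the s->ssl_use_sslv3 line changes behaviour for every existing configuration that never set ssl.use-sslv3, and nothing visible in this hunk documents that. Suggest pairing the change with a changelog entry and an update to the option's documentation stating that SSLv3 is now off unless ssl.use-sslv3 = "enable" is set, so operators with legacy clients can tell why handshakes start failing after an upgrade. Since the hunk only touches the initial value in src/configfile.c, it is also worth confirming that the code consuming ssl_use_sslv3 handles 0 the same way it handles ssl_use_sslv2 = 0 from the line above.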

History

#1

Updated by petrs over 3 years ago

  • Target version set to 1.4.x

#2

Updated by stbuehler over 3 years ago

  • Description updated (diff)
  • Status changed from New to Fixed
  • Target version changed from 1.4.x to 1.4.36
  • Start date changed from 2015-05-26 to 2014-10-16

r2969 - committed some months ago
