Project

General

Profile

Actions

Bug #2647

closed

disable sslv3 protocol by default

Added by petrs almost 10 years ago. Updated almost 10 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:
ASK QUESTIONS IN Forums:

Description

sslv3 protocol should be probably disabled by default (in the same way how sslv2 is) to mitigate "POODLE" vulnerability.

In case where it's still needed it can be enabled via:

ssl.use-sslv3 = "enable"

--- src/configfile.c
+++ src/configfile.c
@@ -182,7 +182,7 @@
                s->ssl_honor_cipher_order = 1;
                s->ssl_empty_fragments = 0;
                s->ssl_use_sslv2 = 0;
-               s->ssl_use_sslv3 = 1;
+               s->ssl_use_sslv3 = 0;
                s->use_ipv6      = 0;
                s->set_v6only    = 1;
                s->defer_accept  = 0;
Actions #1

Updated by petrs almost 10 years ago

  • Target version set to 1.4.x
Actions #2

Updated by stbuehler almost 10 years ago

  • Description updated (diff)
  • Status changed from New to Fixed
  • Target version changed from 1.4.x to 1.4.36
  • Start date changed from 2015-05-26 to 2014-10-16

r2969 - committed some months ago

Actions

Also available in: Atom