Project

General

Profile

Actions
Copy link

Bug #2647

closed

disable sslv3 protocol by default

Added by petrs almost 9 years ago. Updated almost 9 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:
1.4.36
ASK QUESTIONS IN Forums:

Description

sslv3 protocol should be probably disabled by default (in the same way how sslv2 is) to mitigate "POODLE" vulnerability.

In case where it's still needed it can be enabled via:

ssl.use-sslv3 = "enable"

--- src/configfile.c
+++ src/configfile.c
@@ -182,7 +182,7 @@
                s->ssl_honor_cipher_order = 1;
                s->ssl_empty_fragments = 0;
                s->ssl_use_sslv2 = 0;
-               s->ssl_use_sslv3 = 1;
+               s->ssl_use_sslv3 = 0;
                s->use_ipv6      = 0;
                s->set_v6only    = 1;
                s->defer_accept  = 0;
Actions
Copy link
 #1

Updated by petrs almost 9 years ago

  • Target version set to 1.4.x
Actions
Copy link
 #2

Updated by stbuehler almost 9 years ago

  • Description updated (diff)
  • Status changed from New to Fixed
  • Target version changed from 1.4.x to 1.4.36
  • Start date changed from 2015-05-26 to 2014-10-16

r2969 - committed some months ago

Actions
Copy link

Also available in: Atom