Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
authorMatthew Wild <mwild1@gmail.com>
Tue, 12 Nov 2013 02:13:01 +0000
changeset 5915 e6fed1d80116
parent 5907 9586979058b8
child 5916 1c4405f33561
child 5921 f7601ce30cfc
Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!
core/certmanager.lua file | annotate | diff | comparison | revisions 
--- a/core/certmanager.lua	Sun Nov 10 18:46:48 2013 +0000
+++ b/core/certmanager.lua	Tue Nov 12 02:13:01 2013 +0000
@@ -33,7 +33,7 @@
 local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 
 if ssl and not luasec_has_verifyext and ssl.x509 then
prosody