diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2014-10-16 14:09:47 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-10-16 16:57:31 -0400 |
| commit | 051f87219c90fd2880d432e1d3ca62c45e91209c (patch) | |
| tree | 0c0fbcc2b07e287a1f10aafdb028abae00df35a1 /nss_engine_init.c | |
| parent | 78c17097186a8cacfb237af67fdd87599a727e88 (diff) | |
| download | mod_nss-051f87219c90fd2880d432e1d3ca62c45e91209c.tar.gz mod_nss-051f87219c90fd2880d432e1d3ca62c45e91209c.tar.xz mod_nss-051f87219c90fd2880d432e1d3ca62c45e91209c.zip | |
Don't enable SSL 3 by default
This is in response to the POODLE CVE CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Diffstat (limited to 'nss_engine_init.c')
| -rw-r--r-- | nss_engine_init.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c index b5af76a..d74f002 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -646,9 +646,9 @@ static void nss_init_ctx_protocol(server_rec *s, } else { if (mctx->auth.protocols == NULL) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, - "%s value not set; using: SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2", + "%s value not set; using: TLSv1.0, TLSv1.1 and TLSv1.2", protocol_marker); - ssl3 = tls = tls1_1 = tls1_2 = 1; + tls = tls1_1 = tls1_2 = 1; } else { lprotocols = strdup(mctx->auth.protocols); ap_str_tolower(lprotocols); |