net.http: Disable SSLv2 support for HTTPS connections

author: Matthew Wild <mwild1@gmail.com>
date: Wed, 20 Mar 2013 20:31:52 +0000
parent: 5353:8c3f28f5c1c1
child: 5448:cbe9fa2d3787
--- a/net/http.lua	Wed Mar 20 20:31:02 2013 +0000
+++ b/net/http.lua	Wed Mar 20 20:31:52 2013 +0000
@@ -190,7 +190,7 @@
 	
 	local sslctx = false;
 	if using_https then
-		sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23" };
+		sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
 	end
 
 	req.handler, req.conn = server.wrapclient(conn, req.host, port, listener, "*a", sslctx);