Diff

net/httpserver.lua @ 2767:473627393d40

Disable SSLv2 by default, it's known to be insecure.
author Paul Aurich <paul@darkrain42.org>
date Fri, 04 Dec 2009 09:48:08 -0800
parent 2761:5d3ad9a6b3be
child 2775:72b31799b0cb
line wrap: on
line diff
--- a/net/httpserver.lua	Thu Dec 03 19:18:18 2009 +0000
+++ b/net/httpserver.lua	Fri Dec 04 09:48:08 2009 -0800
@@ -282,6 +282,7 @@
 		if ssl then
 			ssl.mode = "server";
 			ssl.protocol = "sslv23";
+			ssl.options = "no_sslv2";
 		end
 		
 		new{ port = port, interface = interface,