Diff

net/httpserver.lua @ 2321:7e7484a4e821

Disable SSLv2 by default, it's known to be insecure.
author Paul Aurich <paul@darkrain42.org>
date Fri, 04 Dec 2009 09:48:08 -0800
parent 2275:dd344b94d088
child 2360:f1832bf27f84
line wrap: on
line diff
--- a/net/httpserver.lua	Fri Dec 04 14:41:53 2009 +0000
+++ b/net/httpserver.lua	Fri Dec 04 09:48:08 2009 -0800
@@ -282,6 +282,7 @@
 		if ssl then
 			ssl.mode = "server";
 			ssl.protocol = "sslv23";
+			ssl.options = "no_sslv2";
 		end
 		
 		new{ port = port, interface = interface,