Software / code / prosody
Diff
prosody @ 2321:7e7484a4e821
Disable SSLv2 by default, it's known to be insecure.
| author | Paul Aurich <paul@darkrain42.org> |
|---|---|
| date | Fri, 04 Dec 2009 09:48:08 -0800 |
| parent | 2154:b8635ebd7f57 |
| child | 2322:548a4fc54a74 |
| child | 2769:826f6fb7036d |
line wrap: on
line diff
--- a/prosody Fri Dec 04 14:41:53 2009 +0000 +++ b/prosody Fri Dec 04 09:48:08 2009 -0800 @@ -177,7 +177,7 @@ -- Load SSL settings from config, and create a ctx table local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl"); if global_ssl_ctx then - local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; + local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; setmetatable(global_ssl_ctx, { __index = default_ssl_ctx }); end
