# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1383242436 -3600
# Node ID 1b0ac79501290817b90872d9fbd9a054b605e8e5
# Parent  22b1d18eb9199e2e22b7acd3dee2d96697fbaf18
certmanager: Disable SSLv3 by default

diff -r 22b1d18eb919 -r 1b0ac7950129 core/certmanager.lua
--- a/core/certmanager.lua	Thu Oct 10 17:18:16 2013 -0400
+++ b/core/certmanager.lua	Thu Oct 31 19:00:36 2013 +0100
@@ -33,7 +33,7 @@
 local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 
 if ssl and not luasec_has_verifyext and ssl.x509 then