aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2014-10-14 18:55:08 +0100
committerMatthew Wild <mwild1@gmail.com>2014-10-14 18:55:08 +0100
commit26cd63e77f53b850e5fc340a3b7981470cbde38d (patch)
treee267f4722b8414541b27c335ae0816b0a2d3e7b5
parentdc951d561795a325328e01697f60aef0657ad5e5 (diff)
downloadprosody-26cd63e77f53b850e5fc340a3b7981470cbde38d.tar.gz
prosody-26cd63e77f53b850e5fc340a3b7981470cbde38d.zip
certmanager, net.http: Disable SSLv3 by default0.9.6
-rw-r--r--core/certmanager.lua2
-rw-r--r--net/http.lua2
2 files changed, 2 insertions, 2 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index d6784a96..624bd841 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -33,7 +33,7 @@ module "certmanager"
local default_ssl_config = configmanager.get("*", "ssl");
local default_capath = "/etc/ssl/certs";
local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
if ssl and not luasec_has_verifyext and ssl.x509 then
diff --git a/net/http.lua b/net/http.lua
index 9dde6062..8ce47494 100644
--- a/net/http.lua
+++ b/net/http.lua
@@ -175,7 +175,7 @@ function request(u, ex, callback)
local sslctx = false;
if using_https then
- sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
+ sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
end
req.handler, req.conn = assert(server.wrapclient(conn, host, port_number, listener, "*a", sslctx));