diff options
| author | Matthew Wild <mwild1@gmail.com> | 2014-10-14 18:55:08 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2014-10-14 18:55:08 +0100 |
| commit | b9a687e6efce1078586ca6c47b6e720366381e88 (patch) | |
| tree | e267f4722b8414541b27c335ae0816b0a2d3e7b5 | |
| parent | dbfcafeb754aa055d6017feff5659cbdc4c173bd (diff) | |
| download | prosody-b9a687e6efce1078586ca6c47b6e720366381e88.tar.gz prosody-b9a687e6efce1078586ca6c47b6e720366381e88.zip | |
certmanager, net.http: Disable SSLv3 by defaultvault/0.9.6
| -rw-r--r-- | core/certmanager.lua | 2 | ||||
| -rw-r--r-- | net/http.lua | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index d6784a96..624bd841 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -33,7 +33,7 @@ module "certmanager" local default_ssl_config = configmanager.get("*", "ssl"); local default_capath = "/etc/ssl/certs"; local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; -local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; +local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; if ssl and not luasec_has_verifyext and ssl.x509 then diff --git a/net/http.lua b/net/http.lua index 9dde6062..8ce47494 100644 --- a/net/http.lua +++ b/net/http.lua @@ -175,7 +175,7 @@ function request(u, ex, callback) local sslctx = false; if using_https then - sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } }; + sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } }; end req.handler, req.conn = assert(server.wrapclient(conn, host, port_number, listener, "*a", sslctx)); |