Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use on the network. Also, although obsolete, SSLv3 isn't documented to have any weaknesses that TLS 1.0 (the most common version used today) doesn't also have. Get your act together clients!

author: Matthew Wild <mwild1@gmail.com> 2013-11-12 02:13:01 +0000
committer: Matthew Wild <mwild1@gmail.com> 2013-11-12 02:13:01 +0000
commit: 27a7eea80ac5e06992e076adc1a0b5d52e7e948f (patch)
tree: 3bbc52921325ac511afdaea55089b68f0f349786 /core
parent: db79e6ab908b37087f01c817afa7a7519a3fe2cc (diff)
download: prosody-27a7eea80ac5e06992e076adc1a0b5d52e7e948f.tar.gz
prosody-27a7eea80ac5e06992e076adc1a0b5d52e7e948f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 1a8da6a6..976b0a88 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -33,7 +33,7 @@ module "certmanager"
 local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 
 if ssl and not luasec_has_verifyext and ssl.x509 then
author	Matthew Wild <mwild1@gmail.com>	2013-11-12 02:13:01 +0000
committer	Matthew Wild <mwild1@gmail.com>	2013-11-12 02:13:01 +0000
commit	27a7eea80ac5e06992e076adc1a0b5d52e7e948f (patch)
tree	3bbc52921325ac511afdaea55089b68f0f349786 /core
parent	db79e6ab908b37087f01c817afa7a7519a3fe2cc (diff)
download	prosody-27a7eea80ac5e06992e076adc1a0b5d52e7e948f.tar.gz prosody-27a7eea80ac5e06992e076adc1a0b5d52e7e948f.zip