diff options
| author | Paul Aurich <paul@darkrain42.org> | 2009-12-04 09:48:08 -0800 |
|---|---|---|
| committer | Paul Aurich <paul@darkrain42.org> | 2009-12-04 09:48:08 -0800 |
| commit | a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba (patch) | |
| tree | a16f32783467fe55aa10f7789166b29bdc8c03fd /core | |
| parent | c82b309e7884e380d28b4326395c3bc52b7b3d8d (diff) | |
| download | prosody-a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba.tar.gz prosody-a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba.zip | |
Disable SSLv2 by default, it's known to be insecure.
Diffstat (limited to 'core')
| -rw-r--r-- | core/hostmanager.lua | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/hostmanager.lua b/core/hostmanager.lua index f89eaeba..713788dd 100644 --- a/core/hostmanager.lua +++ b/core/hostmanager.lua @@ -20,8 +20,8 @@ end local incoming_s2s = _G.prosody.incoming_s2s; -- These are the defaults if not overridden in the config -local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; -local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; +local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; +local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; local log = require "util.logger".init("hostmanager"); |