diff options
author | Paul Aurich <paul@darkrain42.org> | 2009-12-04 09:48:08 -0800 |
---|---|---|
committer | Paul Aurich <paul@darkrain42.org> | 2009-12-04 09:48:08 -0800 |
commit | a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba (patch) | |
tree | a16f32783467fe55aa10f7789166b29bdc8c03fd /prosody | |
parent | c82b309e7884e380d28b4326395c3bc52b7b3d8d (diff) | |
download | prosody-a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba.tar.gz prosody-a5dcc1d8c6f4a0d38b0ddc84033c1dabf9127fba.zip |
Disable SSLv2 by default, it's known to be insecure.
Diffstat (limited to 'prosody')
-rwxr-xr-x | prosody | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -177,7 +177,7 @@ function init_global_state() -- Load SSL settings from config, and create a ctx table local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl"); if global_ssl_ctx then - local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; + local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; setmetatable(global_ssl_ctx, { __index = default_ssl_ctx }); end |