Disable SSLv2 by default, it's known to be insecure.

author: Paul Aurich <paul@darkrain42.org> 2009-12-04 09:48:08 -0800
committer: Paul Aurich <paul@darkrain42.org> 2009-12-04 09:48:08 -0800
commit: d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d (patch)
tree: 28d94a882781122a4cae90d5357acc13d33160eb /prosody
parent: 3b8737814d5de1e6ff97dd8b1bd5947c88e20be2 (diff)
download: prosody-d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d.tar.gz
prosody-d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/prosody b/prosody
index 7f69e085..1805e5b2 100755
--- a/prosody
+++ b/prosody
@@ -177,7 +177,7 @@ function init_global_state()
 	-- Load SSL settings from config, and create a ctx table
 	local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl");
 	if global_ssl_ctx then
-		local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; };
+		local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; };
 		setmetatable(global_ssl_ctx, { __index = default_ssl_ctx });
 	end
author	Paul Aurich <paul@darkrain42.org>	2009-12-04 09:48:08 -0800
committer	Paul Aurich <paul@darkrain42.org>	2009-12-04 09:48:08 -0800
commit	d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d (patch)
tree	28d94a882781122a4cae90d5357acc13d33160eb /prosody
parent	3b8737814d5de1e6ff97dd8b1bd5947c88e20be2 (diff)
download	prosody-d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d.tar.gz prosody-d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d.zip