From 1ee55840ff7e4f62487b32a2418b8fc6ebbecc6f Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Tue, 12 Nov 2013 02:13:01 +0000
Subject: Back out 1b0ac7950129, as SSLv3 appears to still be in moderate use
 on the network. Also, although obsolete, SSLv3 isn't documented to have any
 weaknesses that TLS 1.0 (the most common version used today) doesn't also
 have. Get your act together clients!

---
 core/certmanager.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/certmanager.lua')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 1a8da6a6..976b0a88 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -33,7 +33,7 @@ module "certmanager"
 local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 
 if ssl and not luasec_has_verifyext and ssl.x509 then
-- 
cgit v1.2.3