From d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d Mon Sep 17 00:00:00 2001
From: Paul Aurich <paul@darkrain42.org>
Date: Fri, 4 Dec 2009 09:48:08 -0800
Subject: Disable SSLv2 by default, it's known to be insecure.

---
 core/hostmanager.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'core')

diff --git a/core/hostmanager.lua b/core/hostmanager.lua
index f89eaeba..713788dd 100644
--- a/core/hostmanager.lua
+++ b/core/hostmanager.lua
@@ -20,8 +20,8 @@ end
 local incoming_s2s = _G.prosody.incoming_s2s;
 
 -- These are the defaults if not overridden in the config
-local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; };
-local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; };
+local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; };
+local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; };
 
 local log = require "util.logger".init("hostmanager");
 
-- 
cgit v1.2.3