From 26cd63e77f53b850e5fc340a3b7981470cbde38d Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Tue, 14 Oct 2014 18:55:08 +0100
Subject: certmanager, net.http: Disable SSLv3 by default
---
 net/http.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'net/http.lua')
diff --git a/net/http.lua b/net/http.lua
index 9dde6062..8ce47494 100644
--- a/net/http.lua
+++ b/net/http.lua
@@ -175,7 +175,7 @@ function request(u, ex, callback)
 local sslctx = false;
 if using_https then
- sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
+ sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
 end
 req.handler, req.conn = assert(server.wrapclient(conn, host, port_number, listener, "*a", sslctx));
-- cgit v1.2.3
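Review bot: The `"no_sslv3"` option added on the `sslctx = ...` line only applies to the fallback table; when a caller passes `ex.sslctx`, that context is used unchanged and SSLv3 stays negotiable unless the caller disabled it as well. If that is intended, document it at the assignment, e.g. `-- NOTE: a caller-supplied ex.sslctx is used as-is; it must set "no_sslv2"/"no_sslv3" itself`. Separately, the default table visible here sets no `verify` or CA fields, so as far as this hunk shows the peer certificate is not checked on this path; it is worth confirming whether verification is applied elsewhere, since dropping SSLv3 alone does not authenticate the server. The body of request() starts and ends outside the hunk.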