From d92cd1e697553c1a8bd3b10f9326a0af3ec51f6d Mon Sep 17 00:00:00 2001
From: Paul Aurich <paul@darkrain42.org>
Date: Fri, 4 Dec 2009 09:48:08 -0800
Subject: Disable SSLv2 by default, it's known to be insecure.

---
 net/httpserver.lua | 1 +
 1 file changed, 1 insertion(+)

(limited to 'net/httpserver.lua')

diff --git a/net/httpserver.lua b/net/httpserver.lua
index 654025ba..ddb68f03 100644
--- a/net/httpserver.lua
+++ b/net/httpserver.lua
@@ -282,6 +282,7 @@ function new_from_config(ports, handle_request, default_options)
 		if ssl then
 			ssl.mode = "server";
 			ssl.protocol = "sslv23";
+			ssl.options = "no_sslv2";
 		end
 		
 		new{ port = port, interface = interface, 
-- 
cgit v1.2.3