author | Sebastian Geerken <devnull@localhost> | 2014-11-08 14:57:16 +0100 |
---|---|---|
committer | Sebastian Geerken <devnull@localhost> | 2014-11-08 14:57:16 +0100 |
commit | aa4f6269918fcfc5ebd11d3b712e88577773ba02 (patch) | |
tree | 9e914def2dc344a71c266f4361123abcbde88cba /dpi/https.c | |
parent | faa8d1b65d9f724445e068d2766356103204728a (diff) | |
parent | 550d933b21d548411fe862d6a24ce73e4d5621c5 (diff) |
Merge with main repo.
Diffstat (limited to 'dpi/https.c')
-rw-r--r-- | dpi/https.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/dpi/https.c b/dpi/https.c
index f0b4ec89..da75b9e8 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -156,11 +156,12 @@ static void yes_ssl_support(void)
 }
 }
- /* Do not use the obsolete insecure SSLv2 protocol, and everyone disabled
- * TLS compression when the CRIME exploit became widely known in 2012.
+ /* SSL2 has been known to be insecure forever, disabling SSL3 is in response
+ * to POODLE, and disabling compression is in response to CRIME.
 */
 if (exit_error == 0){
- SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2|SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(ssl_context,
+ SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
 }
 /*Set directory to load certificates from*/ |
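Review bot: The rewritten comment above the `SSL_CTX_set_options` call says why each flag is set but not which protocol versions remain enabled afterwards, which is what a later maintainer auditing this context needs to know. Because versions are switched off one flag at a time, anything not named in the mask stays negotiable, so each future protocol deprecation needs another manual edit at this call. I would extend the comment with a line such as `* Net effect: only TLS 1.0 and later can be negotiated; revisit this mask when further versions are deprecated.` The body of `yes_ssl_support` starts and continues outside the hunk, so how a server that only offers SSLv3 is reported to the user cannot be judged from here.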