authorcorvid <devnull@localhost>2014-10-17 01:36:00 +0000
committercorvid <devnull@localhost>2014-10-17 01:36:00 +0000
commit1126f75f2141329c6839c4bc6c58d6bb947689fd (patch)
treee7f10bd22994aeb3bb215a7a39d41c7c6ebcc9f9 /dpi
parent4ee6cf9769ac462f46007243ea833d0c05723e7d (diff)
everyone's finally disabling SSL3; let's do so too
Diffstat (limited to 'dpi')
-rw-r--r--dpi/https.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/dpi/https.c b/dpi/https.c
index f0b4ec89..da75b9e8 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -156,11 +156,12 @@ static void yes_ssl_support(void)
}
}
- /* Do not use the obsolete insecure SSLv2 protocol, and everyone disabled
- * TLS compression when the CRIME exploit became widely known in 2012.
+ /* SSL2 has been known to be insecure forever, disabling SSL3 is in response
+ * to POODLE, and disabling compression is in response to CRIME.
*/
if (exit_error == 0){
- SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2|SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(ssl_context,
+ SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
}
/*Set directory to load certificates from*/
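Review bot: The protocol floor in the `SSL_CTX_set_options` call is still a denylist of individual versions, so every newly broken protocol needs another edit here and anything not named stays negotiable. Where the linked OpenSSL is 1.1.0 or later, a single floor such as `SSL_CTX_set_min_proto_version(ssl_context, TLS1_VERSION);` states the intent directly and does not depend on the per-version `SSL_OP_NO_*` bits; the `SSL_OP_NO_COMPRESSION` flag would stay as it is. Servers that offer only SSL3 will now fail the handshake, and whether the user is told why depends on error handling in yes_ssl_support outside this hunk, which is worth confirming.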