authorcorvid <devnull@localhost>2014-10-17 01:36:00 +0000
committercorvid <devnull@localhost>2014-10-17 01:36:00 +0000
commit19bffb358a8d5d36c5604de6bd2ab648a55fcc18 (patch)
treeada4c968e282093aa47c0ec4250bc40966b13251 /dpi
parent3143688e32d73fa788fd2d37e395753bae578e7d (diff)
everyone's finally disabling SSL3; let's do so too
Diffstat (limited to 'dpi')
-rw-r--r--dpi/https.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/dpi/https.c b/dpi/https.c
index f0b4ec89..da75b9e8 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -156,11 +156,12 @@ static void yes_ssl_support(void)
}
}
- /* Do not use the obsolete insecure SSLv2 protocol, and everyone disabled
- * TLS compression when the CRIME exploit became widely known in 2012.
+ /* SSL2 has been known to be insecure forever, disabling SSL3 is in response
+ * to POODLE, and disabling compression is in response to CRIME.
*/
if (exit_error == 0){
- SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2|SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(ssl_context,
+ SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
}
/*Set directory to load certificates from*/
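Review bot: The protocol restriction in the `SSL_CTX_set_options` call is still a denylist of individual versions, so every newly deprecated protocol needs another flag added here by hand. Where the linked OpenSSL provides it (1.1.0 and later), a version floor is easier to audit: `SSL_CTX_set_min_proto_version(ssl_context, TLS1_VERSION);`, with `SSL_OP_NO_COMPRESSION` left in the options call. The comment could also state the user-visible effect, for example `/* Servers that only offer SSLv3 will now fail the handshake. */`. yes_ssl_support() begins and ends outside this hunk, so how ssl_context is created and which versions it would otherwise negotiate are not visible here.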