From 19bffb358a8d5d36c5604de6bd2ab648a55fcc18 Mon Sep 17 00:00:00 2001
From: corvid
Date: Fri, 17 Oct 2014 01:36:00 +0000
Subject: everyone's finally disabling SSL3; let's do so too
---
 dpi/https.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dpi/https.c b/dpi/https.c
index f0b4ec89..da75b9e8 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -156,11 +156,12 @@ static void yes_ssl_support(void)
 }
 }
- /* Do not use the obsolete insecure SSLv2 protocol, and everyone disabled
- * TLS compression when the CRIME exploit became widely known in 2012.
+ /* SSL2 has been known to be insecure forever, disabling SSL3 is in response
+ * to POODLE, and disabling compression is in response to CRIME.
 */
 if (exit_error == 0){
- SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2|SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_options(ssl_context,
+ SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
 }
 /*Set directory to load certificates from*/
-- 
cgit v1.2.3
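Review bot: The option mask passed to `SSL_CTX_set_options` remains a per-protocol denylist, so every obsolete version has to be switched off by hand, and this commit shows the cost: SSLv3 stayed negotiable until POODLE forced the change. Where the linked OpenSSL is 1.1.0 or newer (not visible from this hunk), a version floor such as `SSL_CTX_set_min_proto_version(ssl_context, TLS1_VERSION);` states the intent directly and keeps holding as further versions are deprecated. The comment could also record the consequence for users, e.g. `/* Servers that only offer SSLv2/SSLv3 will now fail the handshake. */`, so a later connection error is easy to trace back to this policy. The body of yes_ssl_support starts and ends outside the hunk.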