equal
deleted
inserted
replaced
|
1 # |
|
2 # disable SSLv3 support as it is not entirely secure. |
|
3 # |
|
4 --- ejabberd-2.1.13/src/tls/tls_drv.c.orig Thu Jul 9 11:46:50 2015 |
|
5 +++ ejabberd-2.1.13/src/tls/tls_drv.c Thu Jul 9 11:52:03 2015 |
|
6 @@ -44,7 +44,7 @@ |
|
7 #define SSL_OP_NO_TICKET 0 |
|
8 #endif |
|
9 |
|
10 -#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2" |
|
11 +#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3" |
|
12 |
|
13 /* |
|
14 * R15B changed several driver callbacks to use ErlDrvSizeT and |
|
15 @@ -440,7 +440,7 @@ |
|
16 res = SSL_CTX_check_private_key(ctx); |
|
17 die_unless(res > 0, "SSL_CTX_check_private_key failed"); |
|
18 |
|
19 - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET); |
|
20 + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET); |
|
21 |
|
22 SSL_CTX_set_cipher_list(ctx, CIPHERS); |
|
23 |