|
1 Patch origin: in-house |
|
2 Patch status: will be submitted to upstream |
|
3 |
|
4 --- modules/ssl/ssl_private.h |
|
5 +++ modules/ssl/ssl_private.h |
|
6 @@ -246,9 +246,9 @@ |
|
7 #define SSL_PROTOCOL_SSLV3 (1<<1) |
|
8 #define SSL_PROTOCOL_TLSV1 (1<<2) |
|
9 #ifdef OPENSSL_NO_SSL2 |
|
10 -#define SSL_MOST_ALL SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1 |
|
11 +#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1 |
|
12 #else |
|
13 -#define SSL_MOST_ALL SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1 |
|
14 +#define SSL_MOST_ALL SSL_PROTOCOL_TLSV1 |
|
15 #endif |
|
16 #ifdef HAVE_TLSV1_X |
|
17 #define SSL_PROTOCOL_TLSV1_1 (1<<3) |
|
18 --- docs/manual/mod/mod_ssl.html.en |
|
19 +++ docs/manual/mod/mod_ssl.html.en |
|
20 @@ -1029,8 +1029,8 @@ |
|
21 <p> |
|
22 This is the Secure Sockets Layer (SSL) protocol, version 3.0, from |
|
23 the Netscape Corporation. |
|
24 - It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by |
|
25 - almost all popular browsers.</p></li> |
|
26 + It is the successor to SSLv2 and the predecessor to TLSv1. Though its |
|
27 + use has been deprecated, because of weaknesses in the security of the protocol.</p></li> |
|
28 |
|
29 <li><code>TLSv1</code> |
|
30 <p> |
|
31 @@ -1050,13 +1050,11 @@ |
|
32 |
|
33 <li><code>All</code> |
|
34 <p> |
|
35 - This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' or |
|
36 - - when using OpenSSL 1.0.1 and later - |
|
37 - ``<code>+SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>'', respectively.</p></li> |
|
38 + This is a shortcut for ``<code>+TLSv1 +TLSv1.1 +TLSv1.2</code>''.</p></li> |
|
39 </ul> |
|
40 <div class="example"><h3>Example</h3><p><code> |
|
41 # enable SSLv3 and all available TLSv1 flavors, but not SSLv2<br /> |
|
42 -SSLProtocol All -SSLv2 |
|
43 +SSLProtocol All +SSLv3 |
|
44 </code></p></div> |
|
45 |
|
46 </div> |