Description: Remove SSLv3 default support if no ssl_protocols is defined.
Author: Thomas Ward <teward@dark-net.net>
Bug-Debian: https://bugs.debian.org/767456
Forwarded: no
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: nginx-1.6.2/src/http/modules/ngx_http_ssl_module.c
===================================================================
--- nginx-1.6.2.orig/src/http/modules/ngx_http_ssl_module.c	2014-11-01 21:48:40.961276972 -0400
+++ nginx-1.6.2/src/http/modules/ngx_http_ssl_module.c	2014-11-01 21:59:24.781034913 -0400
@@ -545,7 +545,7 @@
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
                           |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 
     ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,