CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2014/10/15 11:39:34

Modified files:
    lib/libssl/src/ssl: ssl_lib.c

Log message:
Disable SSLv3 by default.

SSLv3 has been long known to have weaknesses and the POODLE attack has once again shown that it is effectively broken/insecure. As such, it is time to stop enabling a protocol that was deprecated almost 15 years ago.

If an application really wants to provide backwards compatibility, at the cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be used to re-enable it on a per-application basis.

General agreement from many.

ok miod@