diff options
| author | jsing <> | 2014-10-15 17:39:34 +0000 | 
|---|---|---|
| committer | jsing <> | 2014-10-15 17:39:34 +0000 | 
| commit | 9885a009cc08e4399b90b4b178f76457ec3ff093 (patch) | |
| tree | 7b13b9e7e81fc1ddf031b897badcd5def78ba440 /src/lib/libc/string | |
| parent | 2363d4ccbfbd5cb97ddca8e4b83a9ebe72751ec5 (diff) | |
| download | openbsd-9885a009cc08e4399b90b4b178f76457ec3ff093.tar.gz openbsd-9885a009cc08e4399b90b4b178f76457ec3ff093.tar.bz2 openbsd-9885a009cc08e4399b90b4b178f76457ec3ff093.zip | |
Disable SSLv3 by default.
SSLv3 has been long known to have weaknesses and the POODLE attack has
once again shown that it is effectively broken/insecure. As such, it is
time to stop enabling a protocol was deprecated almost 15 years ago.
If an application really wants to provide backwards compatibility, at the
cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be
used to re-enable it on a per-application basis.
General agreement from many.
ok miod@
Diffstat (limited to 'src/lib/libc/string')
0 files changed, 0 insertions, 0 deletions
