seems like a good time to make the ressl default TLSv1 only.

ok guenther

2 files changed, 5 insertions, 6 deletions

diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
index 0795a33162..8fa2788077 100644
--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.19 2014/10/09 22:04:33 tedu Exp $ */
+/* $OpenBSD: ressl.h,v 1.20 2014/10/14 22:05:28 tedu Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -26,8 +26,7 @@
 #define RESSL_PROTOCOL_TLSv1_2  (1 << 3)
 #define RESSL_PROTOCOL_TLSv1 \
         (RESSL_PROTOCOL_TLSv1_0|RESSL_PROTOCOL_TLSv1_1|RESSL_PROTOCOL_TLSv1_2)
-#define RESSL_PROTOCOLS_DEFAULT \
-        (RESSL_PROTOCOL_SSLv3|RESSL_PROTOCOL_TLSv1)
+#define RESSL_PROTOCOLS_DEFAULT RESSL_PROTOCOL_TLSv1
 
 #define RESSL_READ_AGAIN        -2
 #define RESSL_WRITE_AGAIN       -3
diff --git a/src/lib/libressl/ressl_init.3 b/src/lib/libressl/ressl_init.3
index 8f47a667eb..b881d171e4 100644
--- a/src/lib/libressl/ressl_init.3
+++ b/src/lib/libressl/ressl_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ressl_init.3,v 1.5 2014/10/08 19:17:55 tedu Exp $
+.\" $OpenBSD: ressl_init.3,v 1.6 2014/10/14 22:05:28 tedu Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 8 2014 $
+.Dd $Mdocdate: October 14 2014 $
 .Dt RESSL 3
 .Os
 .Sh NAME
@@ -227,7 +227,7 @@ Additionally, the values
 .Dv RESSL_PROTOCOL_TLSv1
 (all TLS versions) and
 .Dv RESSL_PROTOCOLS_DEFAULT
-(all versions) may be used.
+(currently all TLS versions) may be used.
 .Em (Client and server)
 .It
 .Fn ressl_config_clear_keys