Skip to content

Commit f8953f7

Browse files
tskirvintskirvin
committed
Turning off SSLv3 by default, re: CVE-2014-3566 (POODLE SSL vuln.)
1 parent 8e94543 commit f8953f7

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1781,7 +1781,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce
17811781

17821782
Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'.
17831783

1784-
If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2'.
1784+
If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'.
17851785

17861786
#####`ssl_cipher`
17871787

templates/mod/ssl.conf.erb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
SSLCryptoDevice builtin
2222
SSLHonorCipherOrder On
2323
SSLCipherSuite <%= @ssl_cipher %>
24-
SSLProtocol all -SSLv2
24+
SSLProtocol all -SSLv2 -SSLv3
2525
<% if @ssl_options -%>
2626
SSLOptions <%= @ssl_options.compact.join(' ') %>
2727
<% end -%>

0 commit comments

Comments
 (0)