Skip to content

Commit

Permalink
Merge pull request #895 from tskirvin/master
Browse files Browse the repository at this point in the history 
Turning off SSLv3 by default, re: CVE-2014-3566 (POODLE SSL vuln.)
  • Loading branch information
@igalic
igalic committed Oct 16, 2014
2 parents 8e94543 + f8953f7 commit e69a892
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1781,7 +1781,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce

Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'.

If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2'.
If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'.

#####`ssl_cipher`

Expand Down
2 changes: 1 addition & 1 deletion templates/mod/ssl.conf.erb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
SSLCryptoDevice builtin
SSLHonorCipherOrder On
SSLCipherSuite <%= @ssl_cipher %>
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
<% if @ssl_options -%>
SSLOptions <%= @ssl_options.compact.join(' ') %>
<% end -%>
Expand Down

0 comments on commit e69a892

Please sign in to comment.