Allow older SSL protocols to be disabled

Brought to you by: blaschke-oss, buccella, hellerda

#110 Allow older SSL protocols to be disabled

Milestone: 1.4.10

Status: open

Owner: Dave Heller

Labels: None

Priority: None

Category: Function

Updated: 2014-12-22

Created: 2014-12-21

Creator: Dave Heller

Private: No

With recent attention to vulnerabilities in older SSL protocols, it is useful to have a way to disable the protocols easily. This patch adds two new configuration properties, "sslNoSSLv3" and "sslNoTLSv1" to disable the indicated protocol. This sets the corresponding openssl option SSL_OP_NO_SSLv3 or SSL_OP_NO_TLSv1 as appropriate. See man SSL_CTX_set_options(3) for details.

There is no option to enable SSLv2. I figured that was not useful and would just open the possibility of misconfiguration. The code can be easily modified of this is required.

SFCB: #114

Discussion

Dave Heller - 2014-12-22

Commit [155e19] for v1.3
Commit [decd3c] for v1.4

Related

Commit: [155e19]
Commit: [decd3c]

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Allow older SSL protocols to be disabled

Release

Searches

Help

#110 Allow older SSL protocols to be disabled

Related

Discussion

Related