summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2014-10-15 08:40:36 -0400
committerjim-p <jimp@pfsense.org>2014-10-15 08:41:11 -0400
commit29be59ad8ed25830f4e50a89977aca53ad8a29f4 (patch)
tree5304c371a0abf994660b036252ce968a26acb749
parent07c24bf190658ec675f19d36204d3a5185c6e0fc (diff)
downloadpfsense-29be59ad8ed25830f4e50a89977aca53ad8a29f4.zip
pfsense-29be59ad8ed25830f4e50a89977aca53ad8a29f4.tar.gz
Tame the poodle. Disable SSLv3.
-rw-r--r--etc/inc/system.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index c40376c..a1ea489 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1152,6 +1152,7 @@ EOD;
// Harden SSL a bit for PCI conformance testing
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+ $lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
/* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
OpenPOWER on IntegriCloud