From 29be59ad8ed25830f4e50a89977aca53ad8a29f4 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 15 Oct 2014 08:40:36 -0400
Subject: Tame the poodle. Disable SSLv3.

---
 etc/inc/system.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index c40376c..a1ea489 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1152,6 +1152,7 @@ EOD;
 
 		// Harden SSL a bit for PCI conformance testing
 		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+		$lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
 
 		/* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
 		$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
-- 
cgit v1.1