From 5ff7f58e5903cca4f99edd20f9db402163527fd6 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 15 Oct 2014 08:40:36 -0400
Subject: Tame the poodle. Disable SSLv3.

---
 etc/inc/system.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc')

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index fcaeb57..0bb18e7 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1247,6 +1247,7 @@ EOD;
 
 		// Harden SSL a bit for PCI conformance testing
 		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+		$lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
 
 		/* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
 		$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
-- 
cgit v1.1