Disable SSLv3 by default [CVE-2014-3566]

cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
2014-10-15 18:14:12 +09:00
parent 05503271df
commit 1aace42d02
1 changed files with 1 additions and 1 deletions
--- a/fm.h
+++ b/fm.h
@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
 #endif				/* defined(USE_SSL) &&
 				 * defined(USE_SSL_VERIFY) */
 #ifdef USE_SSL
-global char *ssl_forbid_method init("2");
+global char *ssl_forbid_method init("2, 3");
 #endif

 global int is_redisplay init(FALSE);