From 05503271dfd26b843589dece0da35ba5d7d38654 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 15 Oct 2014 18:11:45 +0900 Subject: Force ssl_verify_server on and disable SSLv2 support Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4 --- fm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fm.h') diff --git a/fm.h b/fm.h index 8378939..9810c31 100644 --- a/fm.h +++ b/fm.h @@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); #endif #if defined(USE_SSL) && defined(USE_SSL_VERIFY) -global int ssl_verify_server init(FALSE); +global int ssl_verify_server init(TRUE); global char *ssl_cert_file init(NULL); global char *ssl_key_file init(NULL); global char *ssl_ca_path init(NULL); @@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); #endif /* defined(USE_SSL) && * defined(USE_SSL_VERIFY) */ #ifdef USE_SSL -global char *ssl_forbid_method init(NULL); +global char *ssl_forbid_method init("2"); #endif global int is_redisplay init(FALSE); -- cgit v1.2.3 From 1aace42d026c7df31c4762ef1095ce83450916fc Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Wed, 15 Oct 2014 18:14:12 +0900 Subject: Disable SSLv3 by default [CVE-2014-3566] cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ --- fm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fm.h') diff --git a/fm.h b/fm.h index 9810c31..ddcd4fc 100644 --- a/fm.h +++ b/fm.h @@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); #endif /* defined(USE_SSL) && * defined(USE_SSL_VERIFY) */ #ifdef USE_SSL -global char *ssl_forbid_method init("2"); +global char *ssl_forbid_method init("2, 3"); #endif global int is_redisplay init(FALSE); -- cgit v1.2.3