Subject: Force ssl_verify_server on, and disable SSLv2 and SSLv3 Author: Ludwig Nussel <ludwig.nussel@suse.de>, Tatsuya Kinoshita <tats@debian.org> Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4 Update README.SSL to follow default values Disable SSLv3 by default [CVE-2014-3566] cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ Force ssl_verify_server on and disable SSLv2 support Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4 diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL index 4aedfde..670ed5f 100644 --- a/doc-jp/README.SSL +++ b/doc-jp/README.SSL @@ -25,9 +25,9 @@ SSL ssl_forbid_method �Ȥ�ʤ�SSL��åɤΥꥹ��(2: SSLv2, 3: SSLv3, t: TLSv1) - (�ǥե���Ȥ�<NULL>). + (�ǥե���Ȥ�2, 3). ssl_verify_server ON/OFF - SSL�Υ�����ǧ�ڤ�Ԥ�(�ǥե���Ȥ�OFF). + SSL�Υ�����ǧ�ڤ�Ԥ�(�ǥե���Ȥ�ON). ssl_cert_file �ե�����̾ SSL�Υ��饤�������PEM����������ե�����(�ǥե���Ȥ�<NULL>). ssl_key_file �ե�����̾ diff --git a/fm.h b/fm.h index 8378939..ddcd4fc 100644 --- a/fm.h +++ b/fm.h @@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); #endif #if defined(USE_SSL) && defined(USE_SSL_VERIFY) -global int ssl_verify_server init(FALSE); +global int ssl_verify_server init(TRUE); global char *ssl_cert_file init(NULL); global char *ssl_key_file init(NULL); global char *ssl_ca_path init(NULL); @@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); #endif /* defined(USE_SSL) && * defined(USE_SSL_VERIFY) */ #ifdef USE_SSL -global char *ssl_forbid_method init(NULL); +global char *ssl_forbid_method init("2, 3"); #endif global int is_redisplay init(FALSE);