blob: b47bbb691f285c986d87ad95b257c3ff9f0c1e0b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
Subject: Force ssl_verify_server on, and disable SSLv2 and SSLv3
Author: Ludwig Nussel <ludwig.nussel@suse.de>, Tatsuya Kinoshita <tats@debian.org>
Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
Update README.SSL to follow default values
Disable SSLv3 by default [CVE-2014-3566]
cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Force ssl_verify_server on and disable SSLv2 support
Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL
index 4aedfde..670ed5f 100644
--- a/doc-jp/README.SSL
+++ b/doc-jp/README.SSL
@@ -25,9 +25,9 @@ SSL
ssl_forbid_method
�Ȥ�ʤ�SSL��åɤΥꥹ��(2: SSLv2, 3: SSLv3, t: TLSv1)
- (�ǥե���Ȥ�<NULL>).
+ (�ǥե���Ȥ�2, 3).
ssl_verify_server ON/OFF
- SSL�Υ�����ǧ�ڤ�Ԥ�(�ǥե���Ȥ�OFF).
+ SSL�Υ�����ǧ�ڤ�Ԥ�(�ǥե���Ȥ�ON).
ssl_cert_file �ե�����̾
SSL�Υ��饤�������PEM����������ե�����(�ǥե���Ȥ�<NULL>).
ssl_key_file �ե�����̾
diff --git a/fm.h b/fm.h
index 8378939..ddcd4fc 100644
--- a/fm.h
+++ b/fm.h
@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
#endif
#if defined(USE_SSL) && defined(USE_SSL_VERIFY)
-global int ssl_verify_server init(FALSE);
+global int ssl_verify_server init(TRUE);
global char *ssl_cert_file init(NULL);
global char *ssl_key_file init(NULL);
global char *ssl_ca_path init(NULL);
@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
#endif /* defined(USE_SSL) &&
* defined(USE_SSL_VERIFY) */
#ifdef USE_SSL
-global char *ssl_forbid_method init(NULL);
+global char *ssl_forbid_method init("2, 3");
#endif
global int is_redisplay init(FALSE);
|
