author | Andrew Bartlett <abartlet@samba.org> | 2015-07-20 11:46:36 +1200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-03-29 00:41:17 +0200 |
commit | c8a3e039fa602cb8923cf90b2fc6ab4283af9053 (patch) | |
tree | 0988fcfda1dcbff95aa04be4e3bfe33dd26edf96 /docs-xml | |
parent | 839452e426233402be61ccb38f2af2edb2fcffe9 (diff) | |
download | samba-c8a3e039fa602cb8923cf90b2fc6ab4283af9053.tar.gz |
lib/tls: Change default supported TLS versions.
The new default is to disable SSLv3, as this is no longer considered
secure after CVE-2014-3566. Newer GnuTLS versions already disable SSLv3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
(similar to commit 06f378fa652e0ff3cb5aae1b30eee4f73b570664)
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/tlspriority.xml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs-xml/smbdotconf/security/tlspriority.xml b/docs-xml/smbdotconf/security/tlspriority.xml index 345f0302764..d399eef8eef 100644 --- a/docs-xml/smbdotconf/security/tlspriority.xml +++ b/docs-xml/smbdotconf/security/tlspriority.xml @@ -8,11 +8,15 @@ to be supported in the parts of Samba that use GnuTLS, specifically the AD DC. </para> + <para>The default turns off SSLv3, as this protocol is no longer considered + secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use + in HTTPS applications. + </para> <para>The valid options are described in the <ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink> </para> </description> - <value type="default">NORMAL</value> + <value type="default">NORMAL:-VERS-SSL3.0</value> </samba:parameter> |
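Review bot: The new <para> explains why the default drops SSLv3, but it does not tell administrators who set their own "tls priority" value that their string replaces the default, so an existing custom setting will not gain -VERS-SSL3.0 from the changed <value type="default">. I would add a sentence to the new paragraph recommending that custom priority strings also carry -VERS-SSL3.0. A smaller wording point in the same paragraph: "impacted SSLv3 use in HTTPS applications" can be read as saying only HTTPS is affected, while the context lines above say this parameter governs the parts of Samba that use GnuTLS, specifically the AD DC. It would help to state why the concern applies to those services, or to drop the HTTPS qualifier. The commit message notes that newer GnuTLS versions already disable SSLv3. That is worth mentioning in the documentation as well, so readers understand the explicit modifier matters mainly with older GnuTLS.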