author | Andrew Bartlett <abartlet@samba.org> | 2015-07-20 11:46:36 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2015-07-20 03:08:26 +0200 |
commit | 06f378fa652e0ff3cb5aae1b30eee4f73b570664 (patch) | |
tree | 014045265bed1dc83d3ca6deee522a78f4ccec1f /docs-xml | |
parent | 374d73617d71abf594cc92d335cd8bc60c10a1b7 (diff) | |
download | samba-06f378fa652e0ff3cb5aae1b30eee4f73b570664.tar.gz |
lib/tls: Change default supported TLS versions.
The new default is to disable SSLv3, as this is no longer considered
secure after CVE-2014-3566. Newer GnuTLS versions already disable SSLv3.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/tlspriority.xml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs-xml/smbdotconf/security/tlspriority.xml b/docs-xml/smbdotconf/security/tlspriority.xml index 345f0302764..d399eef8eef 100644 --- a/docs-xml/smbdotconf/security/tlspriority.xml +++ b/docs-xml/smbdotconf/security/tlspriority.xml @@ -8,11 +8,15 @@ to be supported in the parts of Samba that use GnuTLS, specifically the AD DC. </para> + <para>The default turns off SSLv3, as this protocol is no longer considered + secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use + in HTTPS applications. + </para> <para>The valid options are described in the <ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink> </para> </description> - <value type="default">NORMAL</value> + <value type="default">NORMAL:-VERS-SSL3.0</value> </samba:parameter> |
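Review bot: the added <para> explains why the default drops SSLv3, but it does not tell an administrator that setting their own `tls priority` value replaces the default string. A custom value then has to carry `-VERS-SSL3.0` itself to keep SSLv3 off when the installed GnuTLS still enables it. Suggest one more sentence after "in HTTPS applications." saying so, with `NORMAL:-VERS-SSL3.0` as the pattern to extend. The phrase "impacted SSLv3 use in HTTPS applications" could also read as if the issue does not concern the AD DC named in the paragraph above; stating that SSLv3 is disabled for all of Samba's GnuTLS use would remove the ambiguity. This view is limited to docs-xml, so the documented default should be checked against the compiled-in default changed in the same commit.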