summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security/tlspriority.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/security/tlspriority.xml')
-rw-r--r--docs-xml/smbdotconf/security/tlspriority.xml10
1 files changed, 5 insertions, 5 deletions
diff --git a/docs-xml/smbdotconf/security/tlspriority.xml b/docs-xml/smbdotconf/security/tlspriority.xml
index d7214a4c1ea..6d1f0dcb912 100644
--- a/docs-xml/smbdotconf/security/tlspriority.xml
+++ b/docs-xml/smbdotconf/security/tlspriority.xml
@@ -7,15 +7,15 @@
to be supported in the parts of Samba that use GnuTLS, specifically
the AD DC.
</para>
- <para>The default turns off SSLv3, as this protocol is no longer considered
- secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use
- in HTTPS applications.
- </para>
+ <para>The string is appended to the default priority list of GnuTLS.</para>
<para>The valid options are described in the
<ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS
Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink>
</para>
+ <para>By default it will try to find a config file matching "SAMBA", but if
+ that does not exist will use the entry for "SYSTEM" and last fallback to
+ NORMAL. In all cases the SSL3.0 protocol will be disabled.</para>
</description>
- <value type="default">NORMAL:-VERS-SSL3.0</value>
+ <value type="default">@SAMBA,SYSTEM,NORMAL:!-VERS-SSL3.0</value>
</samba:parameter>
View Lorry Controller Status