Author: zwoop
Date: Tue May 17 15:34:41 2011
New Revision: 1104340
URL: http://svn.apache.org/viewvc?rev=1104340&view=rev
Log:
TS-787 Disable SSLv2 by default (when SSL is enabled)
Author: Zhao Yongming
Review: Leif
Modified:
trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
trafficserver/traffic/trunk/proxy/config/records.config.default.in
Modified: trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
URL:
http://svn.apache.org/viewvc/trafficserver/traffic/trunk/mgmt/RecordsConfig.cc?rev=1104340&r1=1104339&r2=1104340&view=diff
==============================================================================
--- trafficserver/traffic/trunk/mgmt/RecordsConfig.cc (original)
+++ trafficserver/traffic/trunk/mgmt/RecordsConfig.cc Tue May 17 15:34:41 2011
@@ -1277,7 +1277,7 @@ RecordElement RecordsConfig[] = {
//##############################################################################
{RECT_CONFIG, "proxy.config.ssl.enabled", RECD_INT, "0", RECU_RESTART_TS,
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
- {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "1", RECU_RESTART_TS,
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS,
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS,
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
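Review bot: The flipped `"0"` on the `proxy.config.ssl.SSLv2` entry changes only the compiled-in default, so a deployed records.config that still carries `CONFIG proxy.config.ssl.SSLv2 INT 1` would presumably keep SSLv2 enabled after an upgrade. That depends on the config file overriding this table, which the hunk does not show, so it is worth confirming and calling out in the release notes. The entry also has no comment explaining why it now differs from the SSLv3 entry directly below it; I would add `// SSLv2 is off by default: the protocol is prohibited by RFC 6176; enable only for legacy clients.` above it. The `RecordsConfig[]` initializer starts and ends outside the hunk.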
Modified: trafficserver/traffic/trunk/proxy/config/records.config.default.in
URL:
http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/config/records.config.default.in?rev=1104340&r1=1104339&r2=1104340&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/config/records.config.default.in
(original)
+++ trafficserver/traffic/trunk/proxy/config/records.config.default.in Tue May
17 15:34:41 2011
@@ -470,9 +470,9 @@ CONFIG proxy.config.ssl.enabled INT 0
# override that here (set it to a non-zero value).
CONFIG proxy.config.ssl.number.threads INT 0
# The following three variables can be
- # set to 0 to disable SSLv2, SSLv3,
- # and/or TLSv1
-CONFIG proxy.config.ssl.SSLv2 INT 1
+ # set to 0 to disable SSLv2, SSLv3, and/or TLSv1.
+ # SSLv2 is disabled by default for security concern.
+CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.server_port INT 443
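Review bot: The added comment `# SSLv2 is disabled by default for security concern.` does not tell an operator what the concern is or when re-enabling is acceptable. I would word it as `# SSLv2 is disabled by default because the protocol is insecure (RFC 6176);` followed by `# set to 1 only if legacy clients require it.` Separately, `proxy.config.ssl.SSLv3` stays at `INT 1` on the next line. SSLv3 has since been deprecated as well (RFC 7568), so a follow-up that defaults it to 0 would be the natural next hardening step.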