Hi Pasi, On su, 2014-10-19 at 00:33 +0300, [email protected] wrote: > From: Pasi Sjöholm <[email protected]> > > As the web servers are migrating away from SSLv3 more secure > protocols need to be enabled.
I just wonder should we just disable sslv3 support all together? > > Thanks for Hannu Mallat noticing this. > --- > gweb/giognutls.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/gweb/giognutls.c b/gweb/giognutls.c > index 09dc9e7..687bf8f 100644 > --- a/gweb/giognutls.c > +++ b/gweb/giognutls.c > @@ -456,7 +456,8 @@ GIOChannel *g_io_channel_gnutls_new(int fd) > "NORMAL:%COMPAT", NULL); > #else > gnutls_priority_set_direct(gnutls_channel->session, > - "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL); > + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:" \ > + "+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL); > #endif > > gnutls_certificate_allocate_credentials(&gnutls_channel->cred); Cheers, Jukka _______________________________________________ connman mailing list [email protected] https://lists.connman.net/mailman/listinfo/connman
