TS-3135 Disable SSLv3 by default.

commit: 48c98554e8dfedf3b7d8fdfd1ec0fa65558165b8 [log] [tgz]
author: Leif Hedstrom <zwoop@apache.org> Tue Oct 14 21:03:31 2014 -0600
committer: Alan M. Carroll <amc@apache.org> Tue Oct 28 11:21:14 2014 -0500
tree: 6b689a53f678dfa22322f047783f1e3a7a806688
parent: 2d4a9686cfbdf8809bdbf47e2a04d008a25f3009 [diff]
diff --git a/CHANGES b/CHANGES
index e6ceb52..7fcb1b8 100644
--- a/CHANGES
+++ b/CHANGES

@@ -3,6 +3,9 @@
 
   *) [TS-2677] Fix potential open relay problem with CONNECT and remap.
 
+  *) [TS-3135] Disable SSLv3 by default. This can be enabled again by adding a
+   line to records.config for proxy.config.ssl.SSLv3.
+
 Changes with Apache Traffic Server 5.1.0
 
   *) [TS-3066] Fix various build issues for OmniOS, broken since 5.0.x.

diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 0146cf9..2f78e31 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc

@@ -1224,7 +1224,7 @@
   ,
   {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
commit	48c98554e8dfedf3b7d8fdfd1ec0fa65558165b8	[log] [tgz]
author	Leif Hedstrom <zwoop@apache.org>	Tue Oct 14 21:03:31 2014 -0600
committer	Alan M. Carroll <amc@apache.org>	Tue Oct 28 11:21:14 2014 -0500
tree	6b689a53f678dfa22322f047783f1e3a7a806688
parent	2d4a9686cfbdf8809bdbf47e2a04d008a25f3009 [diff]