sync; TLSv1.2-only

2 files changed, 7 insertions, 7 deletions

diff --git a/httpd/httpd.conf.5 b/httpd/httpd.conf.5
index acfb57a..3e815b9 100644
--- a/httpd/httpd.conf.5
+++ b/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: httpd.conf.5,v 1.54 2015/03/06 05:10:18 reyk Exp $
+.\"	$OpenBSD: httpd.conf.5,v 1.55 2015/03/09 15:51:17 reyk Exp $
 .\"
 .\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 6 2015 $
+.Dd $Mdocdate: March 9 2015 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -394,9 +394,9 @@ root directory of
 .Nm httpd .
 .It Ic protocols Ar string
 Specify the TLS protocols to enable for this server.
-If not specified, the default value
-.Qq all
-will be used (all available protocols).
+If not specified, the value
+.Qq default
+will be used (secure protocols; TLSv1.2-only).
 Refer to the
 .Xr tls_config_parse_protocols 3
 function for other valid protocol string values.
diff --git a/httpd/parse.y b/httpd/parse.y
index 7e48aba..50e51ab 100644
--- a/httpd/parse.y
+++ b/httpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.65 2015/02/12 04:40:23 jsing Exp $	*/
+/*	$OpenBSD: parse.y,v 1.66 2015/03/09 15:46:45 reyk Exp $	*/
 
 /*
  * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -237,7 +237,7 @@ server		: SERVER STRING		{
 			s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY;
 			s->srv_conf.flags |= SRVFLAG_LOG;
 			s->srv_conf.logformat = LOG_FORMAT_COMMON;
-			s->srv_conf.tls_protocols = TLS_PROTOCOLS_ALL;
+			s->srv_conf.tls_protocols = TLS_PROTOCOLS_DEFAULT;
 			if ((s->srv_conf.tls_cert_file =
 			    strdup(HTTPD_TLS_CERT)) == NULL)
 				fatal("out of memory");