diff options
author | Reyk Floeter <reyk@esdenera.com> | 2015-03-15 07:46:44 +0100 |
---|---|---|
committer | Reyk Floeter <reyk@esdenera.com> | 2015-03-15 07:46:44 +0100 |
commit | 9420295b964fcd0159cd17f7c115d6ceb2af400a (patch) | |
tree | 43fe4094d446e29383d04a500b216e0e5b920681 | |
parent | 7fdb196d97b9af7ed5e238ce8dca1ed5ad21ebbe (diff) | |
download | httpd-9420295b964fcd0159cd17f7c115d6ceb2af400a.tar.gz httpd-9420295b964fcd0159cd17f7c115d6ceb2af400a.zip |
sync; TLSv1.2-only
-rw-r--r-- | httpd/httpd.conf.5 | 10 | ||||
-rw-r--r-- | httpd/parse.y | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/httpd/httpd.conf.5 b/httpd/httpd.conf.5 index acfb57a..3e815b9 100644 --- a/httpd/httpd.conf.5 +++ b/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.54 2015/03/06 05:10:18 reyk Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.55 2015/03/09 15:51:17 reyk Exp $ .\" .\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 6 2015 $ +.Dd $Mdocdate: March 9 2015 $ .Dt HTTPD.CONF 5 .Os .Sh NAME @@ -394,9 +394,9 @@ root directory of .Nm httpd . .It Ic protocols Ar string Specify the TLS protocols to enable for this server. -If not specified, the default value -.Qq all -will be used (all available protocols). +If not specified, the value +.Qq default +will be used (secure protocols; TLSv1.2-only). Refer to the .Xr tls_config_parse_protocols 3 function for other valid protocol string values. diff --git a/httpd/parse.y b/httpd/parse.y index 7e48aba..50e51ab 100644 --- a/httpd/parse.y +++ b/httpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.65 2015/02/12 04:40:23 jsing Exp $ */ +/* $OpenBSD: parse.y,v 1.66 2015/03/09 15:46:45 reyk Exp $ */ /* * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -237,7 +237,7 @@ server : SERVER STRING { s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY; s->srv_conf.flags |= SRVFLAG_LOG; s->srv_conf.logformat = LOG_FORMAT_COMMON; - s->srv_conf.tls_protocols = TLS_PROTOCOLS_ALL; + s->srv_conf.tls_protocols = TLS_PROTOCOLS_DEFAULT; if ((s->srv_conf.tls_cert_file = strdup(HTTPD_TLS_CERT)) == NULL) fatal("out of memory"); |