From 9420295b964fcd0159cd17f7c115d6ceb2af400a Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Sun, 15 Mar 2015 07:46:44 +0100
Subject: sync; TLSv1.2-only
---
 httpd/httpd.conf.5 | 10 +++++-----
 httpd/parse.y | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/httpd/httpd.conf.5 b/httpd/httpd.conf.5
index acfb57a..3e815b9 100644
--- a/httpd/httpd.conf.5
+++ b/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.54 2015/03/06 05:10:18 reyk Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.55 2015/03/09 15:51:17 reyk Exp $
 .\"
 .\" Copyright (c) 2014, 2015 Reyk Floeter
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 6 2015 $
+.Dd $Mdocdate: March 9 2015 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -394,9 +394,9 @@ root directory of
 .Nm httpd .
 .It Ic protocols Ar string
 Specify the TLS protocols to enable for this server.
-If not specified, the default value
-.Qq all
-will be used (all available protocols).
+If not specified, the value
+.Qq default
+will be used (secure protocols; TLSv1.2-only).
 Refer to the
 .Xr tls_config_parse_protocols 3
 function for other valid protocol string values.
diff --git a/httpd/parse.y b/httpd/parse.y
index 7e48aba..50e51ab 100644
--- a/httpd/parse.y
+++ b/httpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.65 2015/02/12 04:40:23 jsing Exp $ */
+/* $OpenBSD: parse.y,v 1.66 2015/03/09 15:46:45 reyk Exp $ */
 /*
 * Copyright (c) 2007 - 2015 Reyk Floeter
@@ -237,7 +237,7 @@ server : SERVER STRING {
 s->srv_conf.maxrequestbody = SERVER_MAXREQUESTBODY;
 s->srv_conf.flags |= SRVFLAG_LOG;
 s->srv_conf.logformat = LOG_FORMAT_COMMON;
- s->srv_conf.tls_protocols = TLS_PROTOCOLS_ALL;
+ s->srv_conf.tls_protocols = TLS_PROTOCOLS_DEFAULT;
 if ((s->srv_conf.tls_cert_file = strdup(HTTPD_TLS_CERT)) == NULL)
 fatal("out of memory");
--
cgit v1.2.3-54-g00ecf
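Review bot: In httpd/parse.y, the new `s->srv_conf.tls_protocols = TLS_PROTOCOLS_DEFAULT;` in the `server` action narrows what a configuration without a `protocols` directive will negotiate, and nothing at the assignment records that this is a deliberate hardening default. A one-line comment above it would help the next reader, for example `/* libtls default (TLSv1.2 only per httpd.conf.5); older protocols require an explicit "protocols" option */`. The manual page text hard-codes "TLSv1.2-only" while the code defers to the library constant, so the two can drift if the libtls default changes; wording such as "the libtls default, currently TLSv1.2" would age better. The `server` action begins and ends outside the hunk, so whether `tls_protocols` is initialised anywhere else cannot be judged from here.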