pveproxy: limit ourselfes to tlsv1

author Dietmar Maurer <dietmar@proxmox.com>

Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)
diff --git a/bin/pveproxy b/bin/pveproxy

index 9b16e394c3e6b4a037c49fd324d80255787ff24b..b1d4800b2b64822767d264b86ea53ecae35a7c13 100755 (executable)
--- a/bin/pveproxy
+++ b/bin/pveproxy
@@ -105,6 +105,9 @@ eval {
         logfile => '/var/log/pveproxy/access.log',
         lockfile => $lockfile,
         ssl => {
+           # Note: older versions are considered insecure, for example
+           # search for "Poodle"-Attac
+           method => "tlsv1",
             cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
             key_file => '/etc/pve/local/pve-ssl.key',
             cert_file => '/etc/pve/local/pve-ssl.pem',
author	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 15 Oct 2014 13:46:47 +0000 (15:46 +0200)