pveproxy: also support newer tls versions

author Dietmar Maurer <dietmar@proxmox.com>

Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)
author Dietmar Maurer <dietmar@proxmox.com>
Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)
diff --git a/bin/pveproxy b/bin/pveproxy

index b1d4800b2b64822767d264b86ea53ecae35a7c13..9752bce07b9d4a9dd7b041c69658dedfd7d682c2 100755 (executable)
--- a/bin/pveproxy
+++ b/bin/pveproxy
@@ -107,7 +107,8 @@ eval {
         ssl => {
             # Note: older versions are considered insecure, for example
             # search for "Poodle"-Attac
-           method => "tlsv1",
+           sslv2 => 0,
+           sslv3 => 0,     
             cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
             key_file => '/etc/pve/local/pve-ssl.key',
             cert_file => '/etc/pve/local/pve-ssl.pem',
author	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 2 Dec 2014 13:01:32 +0000 (14:01 +0100)