|
 |
b64dea |
diff -rupN mod_nss-1.0.8.orig/nss.conf.in mod_nss-1.0.8/nss.conf.in
|
|
|
b64dea |
--- mod_nss-1.0.8.orig/nss.conf.in 2015-01-05 14:40:03.982283416 -0700
|
|
|
b64dea |
+++ mod_nss-1.0.8/nss.conf.in 2015-01-05 14:42:42.454075939 -0700
|
|
|
b64dea |
@@ -126,7 +126,7 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4
|
|
|
b64dea |
# Since all protocol ranges are completely inclusive, and no protocol in the
|
|
|
b64dea |
# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1"
|
|
|
b64dea |
# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1".
|
|
|
b64dea |
-NSSProtocol SSLv3,TLSv1.0,TLSv1.1
|
|
|
b64dea |
+NSSProtocol TLSv1.0,TLSv1.1
|
|
|
b64dea |
|
|
|
b64dea |
# SSL Certificate Nickname:
|
|
|
b64dea |
# The nickname of the RSA server certificate you are going to use.
|
|
|
b64dea |
diff -rupN mod_nss-1.0.8.orig/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
|
|
|
b64dea |
--- mod_nss-1.0.8.orig/nss_engine_init.c 2015-01-05 14:40:03.951283261 -0700
|
|
|
b64dea |
+++ mod_nss-1.0.8/nss_engine_init.c 2015-01-06 10:59:47.866985758 -0700
|
|
|
b64dea |
@@ -646,10 +646,10 @@ static void nss_init_ctx_protocol(server
|
|
|
b64dea |
} else {
|
|
|
b64dea |
if (mctx->auth.protocols == NULL) {
|
|
|
b64dea |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
|
|
|
b64dea |
- "%s value not set; using: SSLv3, TLSv1.0, and TLSv1.1",
|
|
|
b64dea |
+ "%s value not set; using: TLSv1.0 and TLSv1.1",
|
|
|
b64dea |
protocol_marker);
|
|
|
b64dea |
|
|
|
b64dea |
- ssl3 = tls = tls1_1 = 1;
|
|
|
b64dea |
+ tls = tls1_1 = 1;
|
|
|
b64dea |
} else {
|
|
|
b64dea |
lprotocols = strdup(mctx->auth.protocols);
|
|
|
b64dea |
ap_str_tolower(lprotocols);
|