net.http: Disable SSLv2 support for HTTPS connections

author Matthew Wild <mwild1@gmail.com>

Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)

committer Matthew Wild <mwild1@gmail.com>

Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)
author Matthew Wild <mwild1@gmail.com>
Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)
committer Matthew Wild <mwild1@gmail.com>
Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)
diff --git a/net/http.lua b/net/http.lua

index 9ed837e20a625c84674f2f1bc75bbf56a5a4d157..a1e4e52308200b7c05d4e97fe6476c93805305ff 100644 (file)
--- a/net/http.lua
+++ b/net/http.lua
@@ -190,7 +190,7 @@ function request(u, ex, callback)
         
         local sslctx = false;
         if using_https then
-               sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23" };
+               sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
         end
  
         req.handler, req.conn = server.wrapclient(conn, req.host, port, listener, "*a", sslctx);
author	Matthew Wild <mwild1@gmail.com>
	Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)
committer	Matthew Wild <mwild1@gmail.com>
	Wed, 20 Mar 2013 20:31:52 +0000 (20:31 +0000)