mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
06f378fa65
The new default is to disable SSLv3, as this is no longer considered secure after CVE-2014-3566. Newer GnuTLS versions already disable SSLv3. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz>
23 lines
905 B
XML
23 lines
905 B
XML
<samba:parameter name="tls priority"
|
|
type="string"
|
|
context="G"
|
|
constant="1"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option can be set to a string describing the TLS protocols
|
|
to be supported in the parts of Samba that use GnuTLS, specifically
|
|
the AD DC.
|
|
</para>
|
|
<para>The default turns off SSLv3, as this protocol is no longer considered
|
|
secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use
|
|
in HTTPS applications.
|
|
</para>
|
|
<para>The valid options are described in the
|
|
<ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS
|
|
Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink>
|
|
</para>
|
|
</description>
|
|
|
|
<value type="default">NORMAL:-VERS-SSL3.0</value>
|
|
</samba:parameter>
|