MEDIUM: ssl: disable SSLv3 per default for bind For security, disable SSLv3 on bind line must be the default configuration. SSLv3 can be enabled with "ssl-min-ver SSLv3".

commit: bd695fe024e8028fc96a5222c26dadf84f05402d [log] [tgz]
author: Emmanuel Hocdet <manu@gandi.net> Mon May 15 15:53:41 2017 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Jun 02 16:43:16 2017 +0200
tree: bf820527fb6d0455a8ec68ca0dbab7307d2ec4b1
parent: df701a2adbc57670bb6fffd4744f5deae23d11e4 [diff] [blame]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 19c1132..61376fc 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -10678,7 +10678,8 @@
   enables SSL deciphering on connections instantiated from this listener. A
   certificate is necessary (see "crt" above). All contents in the buffers will
   appear in clear text, so that ACLs and HTTP processing will only have access
-  to deciphered contents.
+  to deciphered contents. SSLv3 is disabled per default, use "ssl-min-ver SSLv3"
+  to enable it.
 
 ssl-max-ver [ SSLv3 | TLSv1.0 | TLSv1.1 | TLSv1.2 | TLSv1.3 ]
   This option enforces use of <version> or lower on SSL connections instantiated
commit	bd695fe024e8028fc96a5222c26dadf84f05402d	[log] [tgz]
author	Emmanuel Hocdet <manu@gandi.net>	Mon May 15 15:53:41 2017 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Jun 02 16:43:16 2017 +0200
tree	bf820527fb6d0455a8ec68ca0dbab7307d2ec4b1
parent	df701a2adbc57670bb6fffd4744f5deae23d11e4 [diff] [blame]