From b7bf54ead607f72ee4bdbf2ef45231b441788f13 Mon Sep 17 00:00:00 2001
From: Simon MacMullen <simon@rabbitmq.com>
Date: Mon, 20 Oct 2014 12:55:01 +0100
Subject: Remove bad SSL versions from the configured ones, don't hard code
 good versions (which differ across Erlang releases). Never permit use of bad
 SSL versions. Export a function to do this with.

---
 ebin/rabbit_app.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'ebin')

diff --git a/ebin/rabbit_app.in b/ebin/rabbit_app.in
index baebd4d8..888e4dba 100644
--- a/ebin/rabbit_app.in
+++ b/ebin/rabbit_app.in
@@ -16,8 +16,7 @@
   {mod, {rabbit, []}},
   {env, [{tcp_listeners, [5672]},
          {ssl_listeners, []},
-         %% Disables SSLv3 to mitigate the POODLE attack
-         {ssl_options, [{versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}]},
+         {ssl_options, []},
          {vm_memory_high_watermark, 0.4},
          {vm_memory_high_watermark_paging_ratio, 0.5},
          {disk_free_limit, 50000000}, %% 50MB
-- 
cgit v1.2.1