From e94ab10e14edd2f6ca021cb2c77b9f9031665452 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 13 Dec 2016 15:49:13 +0900 Subject: TLS: new method to specify SSL/TLS version SSL/TLS protocols only listed in ssl_protocols should be used. The name "ssl_protocols" comes from nginx. Resolves #428. --- xrdp/xrdp.ini | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'xrdp/xrdp.ini') diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 70e7afb9..ce4df137 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -25,8 +25,9 @@ crypt_level=high ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= -; specify whether SSLv3 should be disabled -#disableSSLv3=true +; set SSL protocols +; can be space separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2' +ssl_protocols=TLSv1 TLSv1.1 TLSv1.2 ; set TLS cipher suites #tls_ciphers=HIGH -- cgit v1.2.1