From aaf49c2d585dc4e80ddd73b4383c20e6817b11a1 Mon Sep 17 00:00:00 2001
From: JT Olds
Date: Tue, 14 Oct 2014 22:46:08 -0600
Subject: [PATCH] openssl: grave admonitions

Change-Id: I03fa44c36300404c1efd636c6bb48d4a25be83e4
---
 ctx.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/ctx.go b/ctx.go
index 30ba29a..921e9be 100644
--- a/ctx.go
+++ b/ctx.go
@@ -127,10 +127,13 @@ func newCtx(method *C.SSL_METHOD) (*Ctx, error) {
 type SSLVersion int
 
 const (
- SSLv3 SSLVersion = 0x02
- TLSv1 SSLVersion = 0x03
- TLSv1_1 SSLVersion = 0x04
- TLSv1_2 SSLVersion = 0x05
+ SSLv3 SSLVersion = 0x02 // Vulnerable to "POODLE" attack.
+ TLSv1 SSLVersion = 0x03
+ TLSv1_1 SSLVersion = 0x04
+ TLSv1_2 SSLVersion = 0x05
+
+ // Make sure to disable SSLv2 and SSLv3 if you use this. SSLv3 is vulnerable
+ // to the "POODLE" attack, and SSLv2 is what, just don't even.
  AnyVersion SSLVersion = 0x06
 )
 
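Review bot: The new comment above `AnyVersion` tells callers to disable SSLv2 and SSLv3 but does not say how, and its SSLv2 half ("is what, just don't even") gives a reader nothing to act on. I would reword it as `// AnyVersion lets OpenSSL negotiate the protocol version. Callers must also set the no-SSLv2 and no-SSLv3 context options (SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 in OpenSSL), because both protocols are broken.` The exported type `SSLVersion` has no doc comment in this hunk and should get one too. Because a comment is the only guard, a context built with `AnyVersion` presumably still accepts SSLv3 from a peer that offers nothing better. It is worth checking whether the constructor that takes an `SSLVersion` (outside this hunk) could set those options by default, and whether `SSLv3` should stay selectable with only a trailing comment.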