[asterisk-commits] r425986 - svn:log
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Oct 20 09:18:02 CDT 2014
Author: mjordan
Revision: 425986
Modified property: svn:log
Modified: svn:log at Mon Oct 20 09:18:02 2014
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Mon Oct 20 09:18:02 2014
@@ -6,7 +6,7 @@
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
- ecnryption methods, including SSLv2/SSLv3. A MITM can exploit this by
+ encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
More information about the asterisk-commits
mailing list