summaryrefslogtreecommitdiff
path: root/usr.sbin/relayd/relayd.h
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2015-03-09 17:20:39 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2015-03-09 17:20:39 +0000
commitcf5e350fc224bdc18ec7a3ddd6134e62d8678cf2 (patch)
tree42bb3bba6b2aa46f850fe8bb02d6308273a6cb7c /usr.sbin/relayd/relayd.h
parentd8fcd7ec79eb4b26dff4992024c3241d44fdb784 (diff)
Make relayd TLSv1.2-only by default.
OK krw@ benno@ Based on revision 1.66 of usr.sbin/httpd/parse.y: Make httpd TLSv1.2-only by default. Some older browsers, like IE 10, will be incompatible with this change. We do this early in the release cycle, so there is a good chance to get more experience with the impact of it and the upcoming restricted cipher modes. OK jsing@ deraadt@ benno@ bmercer@ krw@ florian@
Diffstat (limited to 'usr.sbin/relayd/relayd.h')
-rw-r--r--usr.sbin/relayd/relayd.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 2bdfe553349..66bc59a8df6 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.207 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.208 2015/03/09 17:20:38 reyk Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -665,7 +665,7 @@ TAILQ_HEAD(relay_rules, relay_rule);
#define TLSFLAG_CIPHER_SERVER_PREF 0x20
#define TLSFLAG_CLIENT_RENEG 0x40
#define TLSFLAG_DEFAULT \
- (TLSFLAG_TLSV1|TLSFLAG_CLIENT_RENEG)
+ (TLSFLAG_TLSV1_2|TLSFLAG_CLIENT_RENEG)
#define TLSFLAG_BITS \
"\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2" \
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 07:28:36 +0000