Override ssl_options.versions in the app descriptor

author: Michael Klishin <michael@rabbitmq.com> 2014-10-20 11:21:13 +0400
committer: Michael Klishin <michael@rabbitmq.com> 2014-10-20 11:21:13 +0400
commit: 40a8f5113225e923396cd2d4ab919ebf2c42921c (patch)
tree: bc8d59855cf0deced7cb24ccc6362e568d1166c2
parent: 2478b40901922dcf923a978dcbe7bea7979e1eb7 (diff)
download: rabbitmq-server-git-40a8f5113225e923396cd2d4ab919ebf2c42921c.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/ebin/rabbit_app.in b/ebin/rabbit_app.in
index 888e4dbabf..baebd4d884 100644
--- a/ebin/rabbit_app.in
+++ b/ebin/rabbit_app.in
@@ -16,7 +16,8 @@
   {mod, {rabbit, []}},
   {env, [{tcp_listeners, [5672]},
          {ssl_listeners, []},
-         {ssl_options, []},
+         %% Disables SSLv3 to mitigate the POODLE attack
+         {ssl_options, [{versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}]},
          {vm_memory_high_watermark, 0.4},
          {vm_memory_high_watermark_paging_ratio, 0.5},
          {disk_free_limit, 50000000}, %% 50MB
author	Michael Klishin <michael@rabbitmq.com>	2014-10-20 11:21:13 +0400
committer	Michael Klishin <michael@rabbitmq.com>	2014-10-20 11:21:13 +0400
commit	40a8f5113225e923396cd2d4ab919ebf2c42921c (patch)
tree	bc8d59855cf0deced7cb24ccc6362e568d1166c2
parent	2478b40901922dcf923a978dcbe7bea7979e1eb7 (diff)
download	rabbitmq-server-git-40a8f5113225e923396cd2d4ab919ebf2c42921c.tar.gz