From 5bb4c10519f854396e19e3646fa2d47122d79422 Mon Sep 17 00:00:00 2001
From: Eric Sauvageau <rmerl@lostrealm.ca>
Date: Fri, 17 Oct 2014 02:10:57 -0400
Subject: [PATCH] SSL: disable SSLv2 and SSLv3 support - we now only support
 TLS 1.0 for https access.  That means IE6 users need to upgrade to something
 that's not as moldy.

---
 release/src/router/mssl/mssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release/src/router/mssl/mssl.c b/release/src/router/mssl/mssl.c
index 5d92ac57f29..a753b743cf1 100644
--- a/release/src/router/mssl/mssl.c
+++ b/release/src/router/mssl/mssl.c
@@ -243,7 +243,7 @@ int mssl_init(char *cert, char *priv)
 	// Create the new CTX with the method 
 	// If server=1, use TLSv1_server_method() or SSLv23_server_method()
 	// else 	use TLSv1_client_method() or SSLv23_client_method()
-	ctx = SSL_CTX_new(server ? SSLv23_server_method() : SSLv23_client_method()); // SSLv23 for IE
+	ctx = SSL_CTX_new(server ? TLSv1_server_method() : TLSv1_client_method()); // TLS 1.0 min, SSL2 and 3 are unsafe
 
 	if (!ctx) {
 		fprintf(stderr,"[ssl_init] SSL_CTX_new() failed\n"); // tmp test