author | 2014-10-21 02:29:54 +0000 | |
---|---|---|
committer | 2014-10-21 02:29:54 +0000 | |
commit | 7ff89dbd5414057db4d6909a289cfed24bb0227c (patch) | |
tree | f22f811de279e53bab1bea4fc67612be28f93c94 | |
parent | no more kerberos. (diff) | |
Remove SSLv2 and SSLv3 references from the example relayd.conf and the
relevant example snippet in the relayd.conf(5) man page.
Change the default SSL protocols in the example file/man page to
"no tlsv1.0" (suggested by sthen@), which will enable the TLSv1.1
and TLSv1.2 protocols only.
feedback/ok jsing@ reyk@ sthen@
-rw-r--r-- | etc/examples/relayd.conf | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/etc/examples/relayd.conf b/etc/examples/relayd.conf index efb9dc4a448..4de1d27cd63 100644 --- a/etc/examples/relayd.conf +++ b/etc/examples/relayd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: relayd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $ +# $OpenBSD: relayd.conf,v 1.2 2014/10/21 02:29:54 lteo Exp $ # # Macros # @@ -45,7 +45,7 @@ http protocol httpssl { # Various TCP performance options tcp { nodelay, sack, socket buffer 65536, backlog 128 } -# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } +# ssl { no tlsv1.0, ciphers HIGH } # ssl session cache disable } diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 6edc553a4f0..ffac08b1175 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.150 2014/10/15 11:06:16 reyk Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.151 2014/10/21 02:29:54 lteo Exp $ .\" .\" Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 15 2014 $ +.Dd $Mdocdate: October 21 2014 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -1472,7 +1472,7 @@ http protocol "http_ssl" { pass block path "/cgi-bin/index.cgi" value "*command=*" - ssl { sslv2, ciphers "MEDIUM:HIGH" } + ssl { no tlsv1.0, ciphers "HIGH" } } relay "sslaccel" { |
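Review bot: `ciphers HIGH` on the new example line in etc/examples/relayd.conf (and `ciphers "HIGH"` in the relayd.conf.5 example in the last hunk) is looser than it reads: in OpenSSL-style cipher strings the HIGH class still includes the anonymous, unauthenticated key-exchange suites unless they are excluded explicitly. Because these snippets tend to be copied into production configurations, I would write `ssl { no tlsv1.0, ciphers "HIGH:!aNULL" }` in both places, or drop the `ciphers` option from the example if relayd's built-in default already excludes those suites (not visible in this diff). The line also depends on SSLv2 and SSLv3 being off by default, which holds only for a relayd new enough to carry that default; a short comment above it such as `# SSLv2/SSLv3 are disabled by default; this additionally disables TLSv1.0` would make the assumption explicit for readers on older releases.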