By default, the shipped `default` config file contains a commented-out section for SSL.
That SSL section has the SSLv3 parameter provided for `ssl_protocols`. This means that systems are vulnerable to SSLv3 and the POODLE vulnerability.
Can we remove that from the default section, even though it's commented out, so users don't use the insecure SSLv3 protocol anymore?
By default, the shipped `default` config file contains a commented-out section for SSL.
That SSL section has the SSLv3 parameter provided for `ssl_protocols`. This means that systems are vulnerable to SSLv3 and the POODLE vulnerability.
Can we remove that from the default section, even though it's commented out, so users don't use the insecure SSLv3 protocol anymore?