From 5fcc8ae5e011a00f01968fb6f638e790e5dde027 Mon Sep 17 00:00:00 2001
From: Jan Huwald <jh@sotun.de>
Date: Mon, 3 Feb 2014 01:18:53 +0100
Subject: improve ssl security: disable insecure renegtiation


diff --git a/ereproxy_config.erl b/ereproxy_config.erl
index 80bf243..c5604c5 100644
--- a/ereproxy_config.erl
+++ b/ereproxy_config.erl
@@ -8,7 +8,8 @@ config() ->
 	 ssl_opts = [{certfile, "example/cert.pem"},
 		     {keyfile, "example/key.pem"},
                      {versions, [tlsv1,  'tlsv1.1', 'tlsv1.2']},
-                     {ciphers, ciphers()}]
+                     {ciphers, ciphers()},
+		     {secure_renegotiate, true}]
 	}.
 
 %% select_destination
-- 
cgit v0.10.1