There doesn't seem to be a way to disable SSL 3.0 protocol

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Go to a test site for SSL certificate: https://www.digicert.com/help

2. Enter your URL for a shellinbox server with SSL support and then click to 
check the SSL cert.

What is the expected output? What do you see instead?

It should show a green checkmark for Protocol Support without any warnings. 

Instead it shows this:

SSL 3.0 is an outdated protocol version with known vulnerabilities

This is easy to disable in the apache config file, but I don't see a way in the 
manual page on how to disable the protocol using shellinabox as a web server.

What version of the product are you using? On what operating system?

shellinabox-2.14-27.git88822c1.fc19.x86_64 already installed and latest version 
(on Fedora 19)

Please provide any additional information below.

For more information on the vulnerability:

https://www.digicert.com/cert-inspector-vulnerabilities.htm#ssl_3_protocol_enabl
ed

Original issue reported on code.google.com by [email protected] on 27 Nov 2014 at 7:33

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Issue 215 has a patch that is supposed to disable SSL 3.0 but it fails to build 
after applying it (for me); I've attached the log output from make.

Original comment by [email protected] on 27 Nov 2014 at 2:02

Attachments:

• output.txt

[GoogleCodeExporter]

A fix for this has been released by JGRennison on GitHub: 
https://github.com/JGRennison/shellinabox.

Original comment by [email protected] on 15 Dec 2014 at 8:46