From f1816836f3b2e21414e2c18c1eed85e3342a087e Mon Sep 17 00:00:00 2001
From: Tom Cammann <tom.cammann@hp.com>
Date: Thu, 16 Oct 2014 11:04:12 +0100
Subject: [PATCH] Disable SSLv3 in Stunnel

In light of the POODLE vulnerability SSLv3 should be disabled.

Change-Id: Ic5de6683b6798682844e4801ccdf5577e9a65dac
---
 .../openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf b/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf
index 99f4b622c..9343622bb 100644
--- a/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf
+++ b/elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf
@@ -1,7 +1,7 @@
 pid = /var/run/stunnel4/from-heat.pid
 cert = /etc/ssl/from-heat.crt
 key = /etc/ssl/from-heat.key
-options = NO_SSLv2
+options = NO_SSLv2 NO_SSLv3
 
 {{#stunnel.ports}}
 [{{name}}]