X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=a9d1fa5fccef0f3f896bb401c2b91160de173d00;hp=d0c42fa1d11762b0acaa796d90df51e2447f380c;hb=22c98d4aad76f39ab19e5b63e1448c7d28ca7617;hpb=cc7399e79cbe45ad363d2a67dd04cb599f9481eb

diff --git a/ssl/ssl.h b/ssl/ssl.h
index d0c42fa1d1..a9d1fa5fcc 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -324,8 +324,8 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL"
-/* As of OpenSSL 0.9.9, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSlv2"
+/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
  * throwing out anonymous and unencrypted ciphersuites!
  * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable