Do not lock SMTP STARTTLS to only use SSLv3

Brent Cook · Brent Cook · commit 3495d317b5f5 · 2015-07-10T11:17:31.000-05:00
SSLv3 has been deprecated for some time, and is being actively disabled more and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568). To maintain forward compatibility, do not specify a maximum version and insteady use the default from the local OpenSSL library instead. Fallbacks to older versions will happen on handshake as needed.
diff --git a/lib/msf/core/exploit/smtp_deliver.rb b/lib/msf/core/exploit/smtp_deliver.rb
@@ -229,7 +229,7 @@ def swap_sock_plain_to_ssl(nsock=self.sock)
   end
 
   def generate_ssl_context
-    ctx = OpenSSL::SSL::SSLContext.new(:SSLv3)
+    ctx = OpenSSL::SSL::SSLContext.new
     ctx.key = OpenSSL::PKey::RSA.new(1024){ }
 
     ctx.session_id_context = Rex::Text.rand_text(16)
