Mapping users (either KerberosV or TLS certs)

Phil Pennock info-cyrus-spodhuis at spodhuis.org
Thu Jul 13 17:13:51 EDT 2006


On 2006-07-06 at 12:58 +0100, Dennis Davis wrote:
> Is there a reason I'm probably missing for the "!SSLv2" ?

I said "mostly whim" but something was nagging at my memory, a
suggestion of more than silly fancy.  It just clicked.

SSL version rollback attacks last year.  I fixed OpenSSL but went around
and made sure that all configurable services couldn't be rolled back by
simply refusing to use SSLv2.  Some were like that anyway, such as
Apache from when I was first learning SSL in more depth and what the
cipher list values meant, but most things I had left at their defaults.

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969>
-- 
"Everything has three factors: politics, money, and the right way to do it.
 In that order."  -- Gary Donahue


More information about the Info-cyrus mailing list