How to prevent SSLv3/Poodle attack?

Sven Schwedas sven.schwedas at tao.at
Thu Oct 16 02:31:47 EDT 2014


On 2014-10-15 18:03, lst_hoe02 at kwsoft.de wrote:
> Unfortunately it looks like Cyrus can not disable SSLv3 protocol without
> disabling ciphers also used in TLSv1.x, no?

You can't disable it manually until Kristian's patch is merged, but with
Ubuntu's default cipher list I'm unable to establish an SSLv3 session
(while TLS v1.0 works). Mayhaps SSLv3 support was already broken before
and nobody noticed?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20141016/719d730b/attachment.bin 


More information about the Info-cyrus mailing list