Oct 16, 2014; 15:41
Patrick Larkin
OT: POODLE SSLv3 vulnerability
I=92m not really sure I understand this SSLv3 vulnerability. From what I can gather, you are supposed to disable SSLv3 on the server but Microsoft=92s tech note says to address it in the client browsers.
https://technet.microsoft.com/library/security/3009008.aspx
I also use MacOS X and apache so I went into the virtual host config and changed the following two lines from:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProxyProtocol -ALL +SSLv3 +TLSv1
To this:
SSLProtocol -ALL -SSLv3 +TLSv1
SSLProxyProtocol -ALL -SSLv3 +TLSv1
and restarted apache. The site checker now confirms I=92m not using SSLv3 but what implications does this have?
PLEASE NOTE: My e-mail address has changed to: plarkin@basdschools.org
––
Patrick Larkin
Application Management Group
Information Technology
Bethlehem Area School District
https://www.beth.k12.pa.us
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Oct 16, 2014; 22:01
Pascal Geuns
Re: OT: POODLE SSLv3 vulnerability