On Fri, 2015-01-16 at 17:41 +0100, Andre Speelmans wrote: > On Fri, Jan 16, 2015 at 3:45 AM, Matthew Saltzman <mjs@xxxxxxxxxxx> wrote: > > On Thu, 2015-01-15 at 19:09 +0100, Andre Speelmans wrote: > >> On Thu, Jan 15, 2015 at 3:40 AM, Matthew Saltzman <mjs@xxxxxxxxxxx> wrote: > >> > SSLLabs reports a couple of servers of mine have SSL v3 enabled and are > >> > vulnerable to POODLE. I followed instructions for Apache httpd at > >> > https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/, but that does not seem to cure the problem. > >> > SSLLabs still reports the servers as vulnerable. Does anyone know what I'm missing? > >> > >> Given that you are on the university network, are you sure there is no > >> proxy in between and that SSLLabs is testing the proxy? > > > > Good question. One of the servers is actually outside the university > > firewall, so I *thinK* that's not an issue, at least for that machine. > > I'm pretty sure that machines on the campus network are behind a network > > firewall, but not behind a campus proxy. > > Perhaps a simple way to test it would be to disable TLS in your > browser and try connecting to them? As you are inside the campus > network, you would probably not hit a proxy and if you only accept SSL > and not TLS, the connection should fail. > In firefox I would set security.tls.version.min to 10 or so and see > what happens. Note: I have not actually tried it, but I think that > would do the trick. Thanks for the suggestion. Changing the min (and fallback-limit, because I didn't know what that did) to 10 does not cause a failure to connect. So either (a) the server change didn't take or (b) the browser change didn't take or (c) I need to do something else in the browser to force SSLv3. Still confused... -- Matthew Saltzman Clemson University Math Sciences mjs AT clemson DOT edu -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org