Re: POODLE and TLSv1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 10/17/2014 09:53 AM, James B. Byrne wrote:
> 
> I read this on the RHN commentary respecting cve-2014-3566:
> 
> 
> https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/:
> 
...
> 
> If read the advisory aright then TLSv1.0 suffers from exactly the same flaw as
> SSLv3.  So, how do I configure apache-2.2.15 to deny TLSv1.0 and keep service
> TLSv1.1+?
> 
> 

The same advisory recommends to use this config for 7 and 6.6 upwards

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

I guess you could try changing that to

SSLProtocol -All +TLSv1.1 +TLSv1.2

Don't know what you might break on the client side...

 - Thomas
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux