On Mon, Sep 12, 2016 at 3:37 PM, Nux! <nux at li.nux.ro> wrote: > Hello, > > SSLLabs are currently giving my ocserv grade C because: > This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. > This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B. Check the tls-priorities option. Most likely you need to set something like: tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
