Thanks Nikos, I'll have a look at that option. Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos at gmail.com> > To: "Nux!" <nux at li.nux.ro> > Cc: "openconnect-devel" <openconnect-devel at lists.infradead.org> > Sent: Tuesday, 13 September, 2016 15:20:44 > Subject: Re: Disable SSLv3 and RC4 > On Mon, Sep 12, 2016 at 3:37 PM, Nux! <nux at li.nux.ro> wrote: >> Hello, >> >> SSLLabs are currently giving my ocserv grade C because: >> This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to >> mitigate. Grade capped to C. >> This server accepts RC4 cipher, but only with older protocol versions. Grade >> capped to B. > > Check the tls-priorities option. Most likely you need to set something like: > tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
