Disable SSL3 and enable TLS1? / Ambiguous "DES-CBC3-SHA"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/04/2015 17:09, David Rueter wrote:
>>> You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
> Yes, I admit I am not distinguishing between these.  However, !SSLv3  in the
> cipher list does evidently disable the SSLv3 protocol as well--as evidenced
> by testing with https://www.ssllabs.com/ssltest
>
> Since I don't have source for the application I can only control OpenSSL's
> behavior through the cypher list.  I guess I will have to choose between
> leaving SSLv3 enabled and breaking Android and IE on XP users (that require
> TLSv1).
Is OpenSSL in its own DLL/DLLs?  If so, could you simply
recompile OpenSSL (at latestpatchlevel) without the SSL3
protocol?

This would also provide all the other security fixes that
have been added to OpenSSL since someone gave you the
program.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150407/19eb419e/attachment-0001.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux