trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Geffon <bri...@apache.org>
Subject Re: POODLE and ATS configs
Date Tue, 14 Oct 2014 23:17:53 GMT
cc: users@

For users who want to immediately disable SSLv3 you should only need to
change proxy.config.ssl.SSLv3 in records.config to 0 and bounce
traffic_server.

Brian

On Tue, Oct 14, 2014 at 4:13 PM, Leif Hedstrom <zwoop@apache.org> wrote:

> Now that the POODLE is out of the bag, I think we should consider changing
> this for v5.1.1:
>
>   {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS,
> RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
>
>
> I believe this does have a drawback: certain browsers / UAs on some OSes
> might not have TLS support. I think (but not 100% certain) that IE on
> Windows/XP is one such case?
>
> Thoughts?
>
> — Leif
>
>
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

Mime
View raw message