Hi Rohit, 1. does changing in httpd.conf reflects the setting for apache2? Use the nmap script as suggested below to identify ssl versions on installed system vm template. Check the suggested change works or not.
http://security.stackexchange.com/questions/70733/how-do-i-use-openssl-s-client-to-test-for-absence-of-sslv3-support 2. TLSv1.2 is the latest to be used and suggested default, ssl protocol and the ciphers we use leads to vulnerability, the settings for these as well should be available in similar config file. In our code, search for TLS leads to usage at places, and assumption is that it should negotiate the protocol version from configured and available latest version to least, so if TLSv1.2 is configured on server and client supports it, then it should work. http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118518-technote-esa-00.html Regards, Santhosh ________________________________________ From: Rohit Yadav [rohit.ya...@shapeblue.com] Sent: Tuesday, November 04, 2014 2:04 AM To: dev@cloudstack.apache.org Cc: us...@cloudstack.apache.org Subject: Patched 4.3.1 SystemVMs (was Re: git commit: updated refs/heads/master to 88acc9b) Hi again, > On 04-Nov-2014, at 6:01 am, Santhosh Edukulla <santhosh.eduku...@citrix.com> > wrote: > > Apart from SSLv3, we may want to disable TLS1.0, TLS1.1, as they have similar > vulnerabilities. If we don’t support TLS v1.0, it will break console proxy on IE etc. Further, what vulnerabilities do TLS v1.0 and v1.1 have? Here’s the tool to check POODLE vulnerability on your servers: http://packages.shapeblue.com/tools/poodle-checker.sh (taken from RedHat) Patched systemvm template for 4.3.1 that fixes for ShellShock and POODLE: http://packages.shapeblue.com/systemvmtemplate/4.3/4.3.1 Regards, Rohit Yadav Software Architect, ShapeBlue M. +91 88 262 30892 | rohit.ya...@shapeblue.com Blog: bhaisaab.org | Twitter: @_bhaisaab Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.