Hi server admins, Google today published a vulnerability in SSL which could allow an attacker to decrypt "secure" connections:
http://googleonlinesecurity.blogspot.se/2014/10/this-poodle-bites-exploiting-ssl-30.html For a dhis system the most practical solution is to simply disable SSL and rely on TLS, as it's mostly Internet Explorer 6 that does not support TLS, and DHIS 2 does not support IE 6 anyway. I have upgraded the nginx installation docs here <https://www.dhis2.org/doc/snapshot/en/implementer/html/ch08s03.html#d5e590>. To disable SSL and add support for all TLS version you can change this line: ssl_protocols SSLv3 TLSv1.1 TLSv1.2; to this: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; regards, Lars
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp