The response to POODLE vuln is generally dropping support for SSLv3 on servers and clients. It's 15 years old and has been recommended to be deprecated for a while now. So, anywhere in the squeezebox / LMS / Plugin code that uses SSL... it needs to be configured or set to be able to support TLS 1.0, 1.1, or 1.2, and any use of SSLv2 or SSLv3 should be removed. My guess is that there is a config option that needs to be changed in something like: IO::Socket::SSL http://search.cpan.org/~sullr/IO-Socket-SSL-2.000/lib/IO/Socket/SSL.pod#Common_Problems_with_SSL
Thanks for a good summary :-). Pretty much what I tried over the past days. Unfortunately I still haven't figured it out.
'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires recent versions of Net::SSLeay and openssl.
That's most likely what I have to investigate next. Make sure we run the latest of everything.
-- Michael _______________________________________________ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss