Thus said Jan Nijtmans on Wed, 17 Dec 2014 23:13:16 +0100:

> <http://en.wikipedia.org/wiki/POODLE>

According to this article, disabling SSL 3.0 is only one way of dealing with the downgrade attack. Another way is for browsers/servers to implement TLS_FALLBACK_SCSV which will make it impossible.

However, I wonder if Fossil's use of SSL is even vulnerable to such an attack in the first place? Fossil isn't exactly a browser and doesn't share any code with a browser (except using an SSL library). Anyone know if it is even susceptible? It seems that the article focuses mostly on browsers/servers, but perhaps it is actually the crypto library at fault?

Andy
--
TAI64 timestamp: 4000000054921d8a
_______________________________________________
fossil-dev mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/fossil-dev
