Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-17 Thread Glyph Lefkowitz
> On Oct 17, 2014, at 6:36 AM, Cyrus Daboo wrote: > > Hi Glyph, > > --On October 17, 2014 at 2:10:02 AM -0700 Glyph > wrote: > >> In a future version of Twisted there will be the ability to specify >> minimum protocol version and excluded protocol version arguments, and >> SSLv23_METHOD shou

Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-17 Thread Cyrus Daboo
Hi Glyph, --On October 17, 2014 at 2:10:02 AM -0700 Glyph wrote: In a future version of Twisted there will be the ability to specify minimum protocol version and excluded protocol version arguments, and SSLv23_METHOD should hopefully fade away and disappear into an internal implementation de

Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-17 Thread Glyph
> On Oct 16, 2014, at 7:26 PM, Jacques Distler > wrote: > > I was confused by this, too. According to > >https://www.openssl.org/docs/ssl/SSL_CTX_new.html > > > SSLv23_method is a catch-all, allowing connections using SSLv2, SSLv3, TLSv

Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-16 Thread Jacques Distler
On Oct 16, 2014, at 7:41 PM, Pascal Dallaire wrote: > Hello there, > > Thanks for answering so quickly! I’m trying to use the older variants method > before I upgrade the Calendar server completely. But in this patch, isn’t the > best method TLSv1? and not SSLv23? I was confused by this, too

Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-16 Thread Pascal Dallaire
Hello there, Thanks for answering so quickly! I’m trying to use the older variants method before I upgrade the Calendar server completely. But in this patch, isn’t the best method TLSv1? and not SSLv23? Pascal Le 2014-10-16 à 12:42, Cyrus Daboo a écrit : > Hi Pascal, > > --On October 16, 20

Re: [CalendarServer-users] Protect against new SSL vuln

2014-10-16 Thread Cyrus Daboo
Hi Pascal, --On October 16, 2014 at 12:38:37 PM -0400 Pascal Dallaire wrote: What is the way to disable SSLv3 in CalendarServer to protect against POODLE? Our trunk code has the fix. The svn diff for the change is here: Depending on what

[CalendarServer-users] Protect against new SSL vuln

2014-10-16 Thread Pascal Dallaire
Hi to the list, What is the way to disable SSLv3 in CalendarServer to protect against POODLE? Thanks in advance Pascal ___ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendar