On Sat, Sep 19, 2015 at 4:05 AM, Kaspar Brand
wrote:
> On 17.10.2014 19:25, Kaspar Brand wrote:
> > On 17.10.2014 12:02, Takashi Sato wrote:
> >> SSLv3 is now insecure (CVE-2014-3566, POODLE)
> >> Let's disable SSLv3 by default, at least trunk.
> >>
>
On 17.10.2014 19:25, Kaspar Brand wrote:
> On 17.10.2014 12:02, Takashi Sato wrote:
>> SSLv3 is now insecure (CVE-2014-3566, POODLE)
>> Let's disable SSLv3 by default, at least trunk.
>>
>> SSLProtocol default is "all".
>> <http://httpd.apache.o
On 4 May 2015, at 22:26, William A Rowe Jr wrote:
>
> It seems to me that SAFE at this time is TLSv1.2.
>
> It also seems to me that the first problem to solve is to ensure if the user
> removes SSLv3 (+/- TLSv1.0) from their openssl installed binary, that we
> simply respect that. In that c
On Mon, May 4, 2015 at 4:26 PM, William A Rowe Jr
wrote:
> - Original Message -
> Subject: Re: Disable SSLv3 by default
> From: "Arkadiusz Miśkiewicz"
> Date: 10/17/14 1:57 pm
> To: dev@httpd.apache.org
>
> On Friday 17 of October 2014, Kaspar Br
- Original Message -
Subject: Re: Disable SSLv3 by default
From: "Arkadiusz Miśkiewicz"
Date: 10/17/14 1:57 pm
To: dev@httpd.apache.org
On Friday 17 of October 2014, Kaspar Brand wrote:
> On 17.10.2014 12:02, Takashi Sato wrote:
> > SSLv3 is now insecure (CV
Am 20.10.2014 um 19:17 schrieb wr...@rowe-clan.net:
Is this a responsible recommendation, though? Does TLSv1.0 offer any
significant improvement over SSLv3.0 that HTTP server project endorses?
Can or should 'we' officially designate SSLv3 as undesirable without
making the same recommendation fo
- Original Message - Subject: Re: Disable SSLv3 by default
From: "Arkadiusz Miśkiewicz"
Date: 10/17/14 1:57 pm
To: dev@httpd.apache.org
On Friday 17 of October 2014, Kaspar Brand wrote:
> On 17.10.2014 12:02, Takashi Sato wrote:
> > SSLv3 is now insecure (CV
On Friday 17 of October 2014, Kaspar Brand wrote:
> On 17.10.2014 12:02, Takashi Sato wrote:
> > SSLv3 is now insecure (CVE-2014-3566, POODLE)
> > Let's disable SSLv3 by default, at least trunk.
> >
> > SSLProtocol default is "all".
> > <
On 17.10.2014 12:02, Takashi Sato wrote:
> SSLv3 is now insecure (CVE-2014-3566, POODLE)
> Let's disable SSLv3 by default, at least trunk.
>
> SSLProtocol default is "all".
> <http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol>
> "all
that's right, SSLv3 is no longer secure.
2014-10-17 19:14 GMT+09:00 Reindl Harald :
>
> Am 17.10.2014 um 12:02 schrieb Takashi Sato:
>
> SSLv3 is now insecure (CVE-2014-3566, POODLE)
>> Let's disable SSLv3 by default, at least trunk.
>>
>>
Am 17.10.2014 um 12:02 schrieb Takashi Sato:
SSLv3 is now insecure (CVE-2014-3566, POODLE)
Let's disable SSLv3 by default, at least trunk.
SSLProtocol default is "all".
<http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol>
"all" means "a shor
SSLv3 is now insecure (CVE-2014-3566, POODLE)
Let's disable SSLv3 by default, at least trunk.
SSLProtocol default is "all".
<http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol>
"all" means "a shortcut for ``+SSLv3 +TLSv1'' or - when u
12 matches
Mail list logo
