I don't think we will want to push updates to disable ssl3 on existing systems, and I'm not sure how feasible it would be to push an update that only modifies the defaults for brand-new installs. I suspect the only thing to be done for 14.04 LTS is to educate system administrators about the risks of ssl3 and how to disable it.
We should certainly verify that ssl3 is disabled by default in xenial. Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1509586 Title: SSLv3 enabled in apache2 by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1509586/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
