cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prashant Kumar Mishra <prashantkumar.mis...@citrix.com>
Subject Re: how to disable CPVM http trace and disable sslV3 poodle security issue
Date Thu, 20 Aug 2015 12:06:17 GMT
You need to upgrade  system vm templates , check the
https://blogs.apache.org/cloudstack/ for mote details


Related info thought might help

1. does changing in httpd.conf reflects the setting for apache2?  Use the
nmap script as suggested below to identify ssl versions on installed
system vm template. Check the suggested change works or not.

http://security.stackexchange.com/questions/70733/how-do-i-use-openssl-s-cl
ient-to-test-for-absence-of-sslv3-support

2. TLSv1.2 is the latest to be used and suggested default, ssl protocol
and the ciphers we use leads to vulnerability, the settings for these as
well should be available in similar config file. In our code, search for
TLS leads to usage at places, and assumption is that it should negotiate
the protocol version from configured and available latest version to
least, so if TLSv1.2 is configured on server and client supports it, then
it should work. 

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance
/118518-technote-esa-00.html

Regards,
Santhosh
__________




On 8/20/15, 11:43 AM, "jerry" <1163349@qq.com> wrote:

>hello,We use cloudstack 3.0.2 ,Since CPVM have http trace enable and
>sslV3 poodle securiy issue,           Does anyone how to disable it。 Some
>security tools said web proxy console link have php security issue,How to
>upgrade php for CPVM
>
>
>  Thanks


Mime
View raw message