directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Smits <pierre.sm...@gmail.com>
Subject Re: [ApacheDS] Disable usage of SSL (SSLv2 and SSL v3) protocol
Date Thu, 13 Nov 2014 15:50:52 GMT
Hi Shushant,

As Emmanuel already stated in his reply on Nov 10th in the user mailing
list, the Apache Directory Server is expected to be vulnerable with respect
to the 'POODLE' breach as it doesn't apply the SSLv2 or SSLv3 protocol. It
applies the the TLS protocol to have secure connections.

Best regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Thu, Nov 13, 2014 at 4:32 PM, <shushant.kakkar@lhsystems.com> wrote:

>  Hello,
>
>
>
> Due to the security breach "POODLE" (detailed information see attachment)
> it is recommended to disable the support of the SSL v3 (and SSL v2)
> protocol (https://access.redhat.com/solutions/1232233). We could not find
> any documentation how achieve this goal for Apache DS. Is there any
> recommendation how to disable the protocol? Or will this issue be target in
> new release?
>
>
>
> Best regards,
>
> Shushant Kakkar
>
>
>
> *Von:* KAKKAR, SHUSHANT
> *Gesendet:* Montag, 10. November 2014 17:41
> *An:* 'dev@directory.apache.org'
> *Betreff:* Disable usage of SSL (SSLv2 and SSL v3) protocol
>
>
>
> Hello,
>
>
>
> Due to the security breach "POODLE" (detailed information see attachment)
> it is recommended to disable the support of the SSL v3 (and SSL v2)
> protocol (https://access.redhat.com/solutions/1232233). We could not find
> any documentation how achieve this goal. Is there any recommendation how to
> disable the protocol? Or will this issue be target in new release?
>
>
>
> Best regards,
>
> Shushant Kakkar
>

Mime
View raw message