httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57120] Disable SSLv3 by default (POODLE)
Date Tue, 07 Apr 2015 09:24:09 GMT

Petr Sumbera <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #3 from Petr Sumbera <> ---
It would be probably better to disable SSLv3 in binary directly and not just in
ssl config file. Note that Apache 2.4 doesn't have SSLProtocol diretive in
sample ssl config file.

I'm proposing to limit SSL_PROTOCOL_ALL macro just fro TLS protocols. This
still allows to use SSLProtocol directive and add +SSLv3 if really needed.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message