httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 57120] Disable SSLv3 by default (POODLE)
Date Tue, 07 Apr 2015 09:24:09 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=57120

Petr Sumbera <petr.sumbera@oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |petr.sumbera@oracle.com

--- Comment #3 from Petr Sumbera <petr.sumbera@oracle.com> ---
It would be probably better to disable SSLv3 in binary directly and not just in
ssl config file. Note that Apache 2.4 doesn't have SSLProtocol diretive in
sample ssl config file.

I'm proposing to limit SSL_PROTOCOL_ALL macro just fro TLS protocols. This
still allows to use SSLProtocol directive and add +SSLv3 if really needed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message