httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com>
Subject AW: svn commit: r1705618 - /httpd/httpd/branches/2.4.x/STATUS
Date Mon, 28 Sep 2015 18:08:20 GMT


> -----Ursprüngliche Nachricht-----
> Von: Eric Covener [mailto:covener@gmail.com]
> Gesendet: Montag, 28. September 2015 19:00
> An: Apache HTTP Server Development List <dev@httpd.apache.org>
> Betreff: Re: svn commit: r1705618 - /httpd/httpd/branches/2.4.x/STATUS
> 
> On Mon, Sep 28, 2015 at 12:33 PM, William A Rowe Jr <wrowe@rowe-
> clan.net> wrote:
> > By which we mean TTLv1.0/SSLv3 because there is so little technical
> > difference between them.
> 
> AORN {
> I think there is enough difference to disable one by default and not
> the other.  The final straw for SSLv3 was POODLE. But POODLE on TLS
> 1.0 was fixable/fixed. The qualsys TLS best practice doc
> differentiates them, and the scanner dings you seriously for SSLv3 and
> not at all for TLS1.0.   From my own support work, anecdotally,
> commercial scan tools seem to treat things the same as qualsys.
> }
> 

+1. SSLv3 and TLS 1.0 are close, but there are some differences and the ability to prevent
POODLE is (an important) one of them.

Regards

Rüdiger
Mime
View raw message