tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <>
Subject Re: More, Re: Question about vulnerability report
Date Mon, 08 Aug 2016 18:31:04 GMT
Hmm. This is interesting. says that neither our server nor the customer server 
is vulnerable to POODLE.

But says ours IS vulnerable to POODLE. Then (when I click 
"View Result") it says it isn't. Then (when I actually run the test 
again) it once again says it is. (I haven't tested the customer site 
because results are posted on the test home page, which would compromise 
the customer's privacy.)

Some other POODLE test sites don't appear to work at all. Others say 
we're not vulerable.

Manually testing both servers with
> curl -v3 -X HEAD
from a BASH session on my Mac, as per

comes back with the desired "failed handshake" message on both servers.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message