Protection against POODLE SSLv3 Vulnerability - Bug #2921
12 views
Skip to first unread message
Davide Principi
unread,
Oct 22, 2014, 4:04:01 AM10/22/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to NethServer English
Since Thursday, Oct 16th the openssl-1.0.1e-30 RPM package containing
the fix that disables protocol downgrade (TLS_FALLBACK_SCSV) is
available from NethServer "centos-updates" repository.
Today, we released an update that disables SSLv2 and SSLv3 on httpd
daemon.
Disabling SSL on httpd drops compatibility with IE6. If you still have
it around (and cannot upgrade to a browser with TLS) then you need a
custom-template for httpd: feel free to ask for help on this ML.
For other daemons and services, after updating OpenSSL we suggest:
* check what services are still using the old library version:
# lsof -n | grep DEL | grep -F libssl.
* restart the services, or reboot the machine
* enable TLS and disable SSL protocols on the client-side, as the
protocol downgrade is already fixed on the server-side.
Packages in "nethserver-updates" repository:
nethserver-httpd-admin-1.3.3-1.ns6.noarch.rpm
nethserver-httpd-2.3.3-1.ns6.noarch.rpm