SSL POODLE Vulnerability
105 views
Skip to first unread message
Mike Seda
Oct 15, 2014, 6:52:21 PM10/15/14
to puppet...@googlegroups.com
Puppet Developers,
Based on the SSL POODLE vulnerability (
https://www.openssl.org/~bodo/ssl-poodle.pdf ), will you be patching
WEBrick to deny SSLv3 like you did with SSLv2 (
https://projects.puppetlabs.com/issues/19151 )?
Mike
Based on the SSL POODLE vulnerability (
https://www.openssl.org/~bodo/ssl-poodle.pdf ), will you be patching
WEBrick to deny SSLv3 like you did with SSLv2 (
https://projects.puppetlabs.com/issues/19151 )?
Mike
Michael Stahnke
Oct 16, 2014, 11:51:03 PM10/16/14
to puppet...@googlegroups.com
Yes, the next releases, commercial and open source will contain those fixes. Webrick isn't recommended to use in environments very large, so normally mitigation of this type can be done at the Apache/Nginx layer.
I did post something to our blog about remediation and exposure.
Mike
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/543EF513.3090300%40lillegroup.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages