Hello!
After disabling SSLv3:
SSLOptions ALL -SSLv3
we noticed, that curl itself and libcurl-using programs (such as git) stopped
working on some of the (older) systems -- such as RHEL5 -- when invoked against
the https-URLs pointing at the reconfigured servers.
Invoking curl with the -1
On Tue, Oct 28, 2014 at 6:58 PM, Mikhail T. mi+t...@aldan.algebra.com
wrote:
Hello!
After disabling SSLv3:
SSLOptions ALL -SSLv3
we noticed, that curl itself and libcurl-using programs (such as git)
stopped working on some of the (older) systems -- such as RHEL5 -- when
invoked against
On Tue, Oct 28, 2014 at 9:15 PM, Eric Covener cove...@gmail.com wrote:
There is an older/pre-poodle PR out there somewhere where the symptom
seems to be the v2hello/v2open disappearing with -SSLv3.
I can't find it though -- Jeff?
Is 300 good for anyone? The hard-coded default is 60 which seems awfully
high to me already.
--
Eric Covener
cove...@gmail.com
On Wed, Oct 29, 2014 at 2:15 AM, Eric Covener cove...@gmail.com wrote:
They had a year-old httpd2.4 from EPEL / RH software collections but it's
built against an old openssl, so it isn't aware of tls1.1 and tls1.2 and
that same block of code ends up locking you into exactly TLSv1.0 once you
On Tue, Oct 28, 2014 at 9:43 PM, Yann Ylavic ylavic@gmail.com wrote:
Kaspar, does the v2open require sslv2method? What do you think of the
patch
above?
I don't think so, SSLv23 seams to use the lowest non-disabled method,
and we explicitely disable the ones not configured. So it
On Wed, Oct 29, 2014 at 2:43 AM, Yann Ylavic ylavic@gmail.com wrote:
Maybe we should introduce another protocol keywork, namely ANY, which
would opt-in SSLv23 (SSLv2Hello), and not disable single protocol
configuration in any case like in the patch proposed by Mikhail.
So that SSLProtocol
On Wed, Oct 29, 2014 at 3:01 AM, Yann Ylavic ylavic@gmail.com wrote:
On Wed, Oct 29, 2014 at 2:43 AM, Yann Ylavic ylavic@gmail.com wrote:
Maybe we should introduce another protocol keywork, namely ANY, which
would opt-in SSLv23 (SSLv2Hello), and not disable single protocol