Hi Shushant, As Emmanuel already stated in his reply on Nov 10th in the user mailing list, the Apache Directory Server is expected to be vulnerable with respect to the 'POODLE' breach as it doesn't apply the SSLv2 or SSLv3 protocol. It applies the the TLS protocol to have secure connections.
Best regards, Pierre Smits *ORRTIZ.COM <http://www.orrtiz.com>* Services & Solutions for Cloud- Based Manufacturing, Professional Services and Retail & Trade http://www.orrtiz.com On Thu, Nov 13, 2014 at 4:32 PM, <[email protected]> wrote: > Hello, > > > > Due to the security breach "POODLE" (detailed information see attachment) > it is recommended to disable the support of the SSL v3 (and SSL v2) > protocol (https://access.redhat.com/solutions/1232233). We could not find > any documentation how achieve this goal for Apache DS. Is there any > recommendation how to disable the protocol? Or will this issue be target in > new release? > > > > Best regards, > > Shushant Kakkar > > > > *Von:* KAKKAR, SHUSHANT > *Gesendet:* Montag, 10. November 2014 17:41 > *An:* '[email protected]' > *Betreff:* Disable usage of SSL (SSLv2 and SSL v3) protocol > > > > Hello, > > > > Due to the security breach "POODLE" (detailed information see attachment) > it is recommended to disable the support of the SSL v3 (and SSL v2) > protocol (https://access.redhat.com/solutions/1232233). We could not find > any documentation how achieve this goal. Is there any recommendation how to > disable the protocol? Or will this issue be target in new release? > > > > Best regards, > > Shushant Kakkar >
