Am 17.10.2014 um 12:02 schrieb Takashi Sato:
SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk.SSLProtocol default is "all". <http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol> "all" means "a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, respectively." Should we remove SSLv3 from "all"?
from a users (admins) point of view: yes if somebody really needs it he can enable SSLv3 deliberate what sadly not happens in many setup is disable it over years
signature.asc
Description: OpenPGP digital signature
