Le Tuesday 01 December 2015, 02:24:05 [email protected] a écrit : > Thank you very much for your config file, that I am testing now. > I have worked on your sophisticated ssl parameters and implemented > them. Then I did submit my site on > https://www.ssllabs.com/ssltest/analyze.html And I was surprised to > see that it passes very fine the tests except about ssl3 : > "This server is vulnerable to the POODLE attack. If possible, disable > SSL 3 to mitigate. Grade capped to C". > > I do not understand this failure as it seems to me that ssl3 is not > enabled... > What do you think of that...?
That is kind of outside the subject of this list (eg Mojolicious, and here you talk about your TLS nginx configuration) but have a look at the https://bettercrypto.org/ recommendations, you'll get the best advices ever. Here's why you can be subject to POODLE, even without SSLv3: https:// community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls -- Luc https://fiat-tux.fr/ Internet n'est pas compliqué, Internet est ce que vous en faites. -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
