Hi there, Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols` directive. But, ssllabs.com says that :
---- snip ---- Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more info[2]) ---- snip ---- But on LiteSpeed[3] configuration, it says yes. ---- snip ---- Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported ---- snip ---- With configuration: ---- snip ---- SSLHonorCipherOrder On SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 ---- snip ---- $ nginx -v nginx version: nginx/1.6.2 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) TLS SNI support enabled [snip] --add-module=/home/mockbuild/rpmbuild/SOURCES/ngx_pagespeed-release-1.9.32.1-beta So the question is, how important it is? ---- Reference [1] http://nginx.com/blog/nginx-poodle-ssl/ [2] https://datatracker.ietf.org/doc/draft-bmoeller-tls-downgrade-scsv/ [3] http://www.litespeedtech.com/products/litespeed-web-server/release-log _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
