>>> Joe Friedeggs <[email protected]> schrieb am 19.10.2014 um 15:17 in Nachricht <[email protected]>: > Pardon my ignorance on the subject, but I need to understand this: >> You've probably all heard about this "new" attack several times by now. Just > >> to confirm what's already been stated - this attack only affects HTTP > browsers >> that deliberately break the TLS handshake protocol to allow using older SSL >> versions. It does not affect LDAP software at all. > > Isn't this configurable? With the following: > TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv3:RSA > doesn't this allow SSLv3? To secure against POODLE, don't we need to > remove the SSLv3?
Related question: If a slapcat of the config database doesn't show a value for TLSCipherSuite, does it mean it is some default value? Any other way to query the setting? [...] Regards, Ulrich
