Re: Disable SSLv3 by default

2015-09-22 Thread William A Rowe Jr
On Sat, Sep 19, 2015 at 4:05 AM, Kaspar Brand <httpd-dev.2...@velox.ch> wrote: > On 17.10.2014 19:25, Kaspar Brand wrote: > > On 17.10.2014 12:02, Takashi Sato wrote: > >> SSLv3 is now insecure (CVE-2014-3566, POODLE) > >> Let's disable SSLv3 by default, at l

Re: Disable SSLv3 by default

2015-09-19 Thread Kaspar Brand
On 17.10.2014 19:25, Kaspar Brand wrote: > On 17.10.2014 12:02, Takashi Sato wrote: >> SSLv3 is now insecure (CVE-2014-3566, POODLE) >> Let's disable SSLv3 by default, at least trunk. >> >> SSLProtocol default is "all". >> <http://httpd.apache.org/do

Re: Disable SSLv3 by default

2015-05-04 Thread Tim Bannister
On 4 May 2015, at 22:26, William A Rowe Jr wr...@rowe-clan.net wrote: It seems to me that SAFE at this time is TLSv1.2. It also seems to me that the first problem to solve is to ensure if the user removes SSLv3 (+/- TLSv1.0) from their openssl installed binary, that we simply respect

RE: Re: Disable SSLv3 by default

2015-05-04 Thread William A Rowe Jr
- Original Message - Subject: Re: Disable SSLv3 by default From: Arkadiusz Miśkiewicz ar...@maven.pl Date: 10/17/14 1:57 pm To: dev@httpd.apache.org On Friday 17 of October 2014, Kaspar Brand wrote: On 17.10.2014 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566

Re: Re: Disable SSLv3 by default

2015-05-04 Thread William A Rowe Jr
On Mon, May 4, 2015 at 4:26 PM, William A Rowe Jr wr...@rowe-clan.net wrote: - Original Message - Subject: Re: Disable SSLv3 by default From: Arkadiusz Miśkiewicz ar...@maven.pl Date: 10/17/14 1:57 pm To: dev@httpd.apache.org On Friday 17 of October 2014, Kaspar Brand wrote

RE: Re: Disable SSLv3 by default

2014-10-20 Thread wrowe
- Original Message - Subject: Re: Disable SSLv3 by default From: Arkadiusz Miśkiewicz ar...@maven.pl Date: 10/17/14 1:57 pm To: dev@httpd.apache.org On Friday 17 of October 2014, Kaspar Brand wrote: On 17.10.2014 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566

Re: Disable SSLv3 by default

2014-10-20 Thread Reindl Harald
On 20.10.2014 at 19:17, wr...@rowe-clan.net wrote: Is this a responsible recommendation, though? Does TLSv1.0 offer any significant improvement over SSLv3.0 that HTTP server project endorses? Can or should 'we' officially designate SSLv3 as undesirable without making the same recommendation

Disable SSLv3 by default

2014-10-17 Thread Takashi Sato
SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk. SSLProtocol default is all. http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol all means a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - ``+SSLv3 +TLSv1 +TLSv1.1

Re: Disable SSLv3 by default

2014-10-17 Thread Reindl Harald
On 17.10.2014 at 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk. SSLProtocol default is all. http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol all means a shortcut for ``+SSLv3 +TLSv1'' or - when using

Re: Disable SSLv3 by default

2014-10-17 Thread 백정운
That's right, SSLv3 is no longer secure. 2014-10-17 19:14 GMT+09:00 Reindl Harald h.rei...@thelounge.net: On 17.10.2014 at 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk. SSLProtocol default is all. http

Re: Disable SSLv3 by default

2014-10-17 Thread Kaspar Brand
On 17.10.2014 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk. SSLProtocol default is all. http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol all means a shortcut for ``+SSLv3 +TLSv1'' or - when using

Re: Disable SSLv3 by default

2014-10-17 Thread Arkadiusz Miśkiewicz
On Friday 17 of October 2014, Kaspar Brand wrote: On 17.10.2014 12:02, Takashi Sato wrote: SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk. SSLProtocol default is all. http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol all