As we had a note about sslv2 not being recommended when security is wanted, I put the same note for sslv3. It could be useful for new comers in the field.
Cheers, Daniel On 21/10/14 08:34, Olle E Johansson wrote: > > > Rainer Piper skrev 2014-10-21 08:30: >> Am 21.10.2014 um 08:20 schrieb Olle E Johansson: >>> >>>>> >>>>> !!! *a warning **that the use of SSLv3 **susceptibility to POODLE >>>>> Vulnerability* !!! >>>>> >>> Well, since Poodle requires a web browser and java script we're not in >>> danger from a Poodle attack. Even so, we are not enabling SSL by >>> default, only enabling TLS. All versions of SSL are too old to be >>> secure. We can not add a warning text for every possible attack, >>> but have published information on twitter, facebook, G+ and >>> on the mailing lists. >>> >>> Are we aware of any phones or SIP servers that only supports SSLv3 >>> and have no support of TLS? >>> >>> /O >>> > >> >> source: http://downloads.asterisk.org/pub/security/AST-2014-011.html >> >> you have to force asterisk to do TLSv1 >> the defaults settings allowing a SSLv3/SSLv2 fallback. > > Yes, I am aware of that (and took part in the process). It's the same > as what Kamailio does if you check the default configuration. > > As a second step we will have to modify our defaults in the code (like > Asterisk). > > /O > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
