> I see you speak of fixing web servers in regard to the poodle 
> exploit. Is there any problem with clients? I see mine are set to 
> sslv23. I believe that was the default. Should I change this and if 
> so, to what?

The issue with clients is they usually need to access a wide range of servers,
some of which may not be using TLS.  Not everyone keeps their servers up to
date.  You can try disabling v2 and v3, but then check your common sites are
still available.  

SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3];
> Also, I was wondering if it's possible to get a snapshot of your 
> openssl 1.0.1i or 1.0.1j?

1.0.1i has been available since August at the downloads page: 


We've not yet done an ICS 1.0.1j version, it's a minor release with mitigation
for poodle, but setting options works just as well.  There is quite a lot of
effort in updating and testing new OpenSSL releases, and they are getting too


To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to