> I see you speak of fixing web servers in regard to the poodle
> exploit. Is there any problem with clients? I see mine are set to
> sslv23. I believe that was the default. Should I change this and if
> so, to what?

The issue with clients is they usually need to access a wide range of servers, some of which may not be using TLS. Not everyone keeps their servers up to date. You can try disabling v2 and v3, but then check your common sites are still available.

    SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3];

> Also, I was wondering if it's possible to get a snapshot of your
> openssl 1.0.1i or 1.0.1j?

1.0.1i has been available since August at the downloads page:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

We've not yet done an ICS 1.0.1j version, it's a minor release with mitigation for poodle, but setting options works just as well. There is quite a lot of effort in updating and testing new OpenSSL releases, and they are getting too regular.

Angus