cc: users@ For users who want to immediately disable SSLv3 you should only need to change proxy.config.ssl.SSLv3 in records.config to 0 and bounce traffic_server.
Brian On Tue, Oct 14, 2014 at 4:13 PM, Leif Hedstrom <[email protected]> wrote: > Now that the POODLE is out of the bag, I think we should consider changing > this for v5.1.1: > > {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, > RR_NULL, RECC_INT, "[0-1]", RECA_NULL} > > > I believe this does have a drawback: certain browsers / UAs on some OSes > might not have TLS support. I think (but not 100% certain) that IE on > Windows/XP is one such case? > > Thoughts? > > — Leif > > > http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
