[Bug 72072] New: Disable SSL 3.0 on Wikimedia sites to mitigate POODLE attack

bugzilla-daemon Wed, 15 Oct 2014 00:38:57 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=72072


            Bug ID: 72072
           Summary: Disable SSL 3.0 on Wikimedia sites to mitigate POODLE
                    attack
           Product: Wikimedia
           Version: wmf-deployment
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: SSL related
          Assignee: [email protected]
          Reporter: [email protected]
       Web browser: ---
   Mobile Platform: ---

This POODLE bites: exploiting the SSL 3.0 fallback: 
http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.openssl.org/~bodo/ssl-poodle.pdf

The only workaround now is to disable SSL 3.0, but this will make IE6 users
unable to access over HTTPS. If supporting IE6 is needed, how about we disable
it for now and re-enable SSL 3.0 after TLS_FALLBACK_SCSV is available?

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 72072] New: Disable SSL 3.0 on Wikimedia sites to mitigate POODLE attack

Reply via email to