[CentOS] Testing "dark" SSL sites

Tue Oct 21 22:02:53 UTC 2014
Travis Kendrick <thepouar at gmail.com>

On 10/21/2014 04:57 PM, lists at benjamindsmith.com wrote:
> So, with all the hubbub around POODLE and ssl, we're preparing a new load 
> balancer using HAProxy. 
>
> So we have a set of unit tests written using PHPUnit, having trouble 
> validating certificates. How do you test/validate an SSL cert for a prototype 
> "foo.com" server if it's not actually active at the IP address that matches 
> DNS for foo.com? 
>
> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an 
> explicit "host: foo.com" http header but that fails for SSL certificate 
> validation. 
>
> You can also set a hosts file entry, but that's also rather painful. Is there a 
> better option? 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I just disabled SSLv3 altogether on my server and just use TLS. On my
site I only use TLS 1.2 and not earlier versions or SSL so I was never
affected by POODLE.
-- 
Travis Kendrick