[CentOS] Testing "dark" SSL sites
Travis Kendrick
thepouar at gmail.com
Tue Oct 21 22:02:53 UTC 2014
On 10/21/2014 04:57 PM, lists at benjamindsmith.com wrote:
> So, with all the hubbub around POODLE and ssl, we're preparing a new load
> balancer using HAProxy.
>
> So we have a set of unit tests written using PHPUnit, having trouble
> validating certificates. How do you test/validate an SSL cert for a prototype
> "foo.com" server if it's not actually active at the IP address that matches
> DNS for foo.com?
>
> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an
> explicit "host: foo.com" http header but that fails for SSL certificate
> validation.
>
> You can also set a hosts file entry, but that's also rather painful. Is there a
> better option?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I just disabled SSLv3 altogether on my server and just use TLS. On my
site I only use TLS 1.2 and not earlier versions or SSL so I was never
affected by POODLE.
--
Travis Kendrick
More information about the CentOS
mailing list