[CentOS] POODLE and TLSv1
Thomas Eriksson
thomas.eriksson at slac.stanford.eduFri Oct 17 17:38:07 UTC 2014
- Previous message: [CentOS] POODLE and TLSv1
- Next message: [CentOS] POODLE and TLSv1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 10/17/2014 09:53 AM, James B. Byrne wrote: > > I read this on the RHN commentary respecting cve-2014-3566: > > > https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/: > ... > > If read the advisory aright then TLSv1.0 suffers from exactly the same flaw as > SSLv3. So, how do I configure apache-2.2.15 to deny TLSv1.0 and keep service > TLSv1.1+? > > The same advisory recommends to use this config for 7 and 6.6 upwards SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 I guess you could try changing that to SSLProtocol -All +TLSv1.1 +TLSv1.2 Don't know what you might break on the client side... - Thomas
- Previous message: [CentOS] POODLE and TLSv1
- Next message: [CentOS] POODLE and TLSv1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list