- Previous message: Patrice: "Re: purge sync. replication folder"
- Maybe in reply to: Phil Pennock: "Mapping users (either KerberosV or TLS certs)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Phil Pennock (no email)
Date: Thu Jul 13 2006 - 17:13:51 EDT
On 2006-07-06 at 12:58 +0100, Dennis Davis wrote:
> Is there a reason I'm probably missing for the "!SSLv2" ?
I said "mostly whim" but something was nagging at my memory, a
suggestion of more than silly fancy. It just clicked.
SSL version rollback attacks last year. I fixed OpenSSL but went around
and made sure that all configurable services couldn't be rolled back by
simply refusing to use SSLv2. Some were like that anyway, such as
Apache from when I was first learning SSL in more depth and what the
cipher list values meant, but most things I had left at their defaults.
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969>
-- "Everything has three factors: politics, money, and the right way to do it. In that order." -- Gary Donahue ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|