Re: SSL V3 Vulnerability in HTTP Repository Access.

From: Andreas Stieger <andreas.stieger_at_gmx.de>
Date: Sat, 25 Oct 2014 23:34:06 +0100

Hi,

On 25/10/14 23:26, Mohsin wrote:
> We are using HTTP protocol for repository access
> (http://abc.svn.com/svn/Repo/) over the internet. For this case we are using
> TortoiseSVN client V 1.8.7, which is dependent on serf, and serf is using SSL
> V3. I just read serf version 1.3.5 is using SSL V3 and in serf 1.3.5 SSL V3
> is enabled. Serf has released latest version 1.3.8, in which SSL V3 is
> disabled. So should I upgrade the serf version on my server, because I have
> compiled my svn with serf V 1.3.5, or is there no issue?

If you use HTTP "http://" you are not using SSL/TLS. You are not
affected by POODLE, but also not using encryption.

If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
Apache httpd configuration. No upgrade required, simple configuration
change.

Andreas
Received on 2014-10-26 00:34:42 CEST
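
A check for the configuration change described in the reply above, added here as an example that is not part of the original mail: it resolves each `SSLProtocol` line of an Apache httpd config and reports whether SSL 3.0 is still enabled. The function names and the sample config are constructed; it assumes that `all` includes SSLv3 (as on 2014-era httpd/OpenSSL builds) and models a token without `+`/`-` as replacing the set built so far.

```python
import re

# Assumption: on 2014-era httpd/OpenSSL builds, "all" includes SSLv3.
TLS = {"tlsv1", "tlsv1.1", "tlsv1.2"}
KNOWN = TLS | {"sslv2", "sslv3"}
# Commented-out directives start with '#' and therefore never match.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample config, not taken from the thread.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    # SSLProtocol all
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

def enabled_protocols(args, all_includes_sslv3=True):
    """Resolve the arguments of one SSLProtocol directive to a protocol set."""
    everything = TLS | ({"sslv3"} if all_includes_sslv3 else set())
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name != "all" and name not in KNOWN:
            raise ValueError("unknown protocol token: %r" % token)
        group = everything if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)  # assumption: bare token replaces the set
    return enabled

def audit(config_text, all_includes_sslv3=True):
    """Return (line number, directive arguments, sslv3_enabled) per directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            protos = enabled_protocols(match.group(1), all_includes_sslv3)
            findings.append((lineno, match.group(1), "sslv3" in protos))
    return findings

if __name__ == "__main__":
    for lineno, args, weak in audit(SAMPLE):
        print("line %d: SSLProtocol %s -> %s" % (lineno, args, "SSLv3 ENABLED" if weak else "ok"))
```

A virtual host with no `SSLProtocol` line inherits the server default, which this check does not report.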

This is an archived mail posted to the Subversion Users mailing list.