Re: SSL V3 Vulnerability in HTTP Repository Access.
On 25/10/14 23:26, Mohsin wrote:
> We are using HTTP protocol for repository access
> (http://abc.svn.com/svn/Repo/) over the internet for this case we are using
> tortoise svn client V 1.8.7 which is dependent on serf and serf is using SSL
> V3 . I just read serf version 1.3.5 is using SSL V3 and in serf 1.3.5 SSL V3
> is enabled . Serf had released latest version 1.3.8 in which SSL V3 is
> disabled . So should I upgrade serf version on my server because I have
> compiled my svn with serf V 1.3.5 or there is no issue ?
If you use HTTP "http://" you are not using SSL/TLS. You are not
affected by POODLE, but also not using encryption.
If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
Apache httpd configuration. No upgrade required, simple configuration
Received on 2014-10-26 00:34:42 CEST
This is an archived mail posted to the Subversion Users