[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SSL V3 Vulnerability in HTTP Repository Access.

From: David Lowe <doctorjlowe_at_earthlink.net>
Date: Sat, 25 Oct 2014 20:54:53 -0700

On 2014 Oct 25, at 6:33 PM, Mohsin <mohsinchandia_at_gmail.com> wrote:

>> If you use HTTP "http://" you are not using SSL/TLS. You are not
>> affected by POODLE, but also not using encryption.
> We are using HTTP so we are not affected by POODLE.
>> If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
>> Apache httpd configuration. No upgrade required, simple configuration
>> change.
> Can you tell when SSH/TLS is used ? In my case we are using HTTP protocol.
> How can I disable SSL 3.0 in Apache conf ?

        As has been hinted at already, HTTP does not use *any* encryption. In order to encrypt hypertext file transfers, one would need to set the web server and clients to HTTPS protocol. Most likely your server is Apache, but in any case such configuration details are off-topic for this list. Please read up on, for example, 'man https' or do a web on 'apache configuration'.

sent from Mountain Lion
Received on 2014-10-26 04:55:47 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.