Re: SSL V3 Vulnerability in HTTP Repository Access.

From: David Lowe <doctorjlowe_at_earthlink.net>
Date: Sat, 25 Oct 2014 20:54:53 -0700

On 2014 Oct 25, at 6:33 PM, Mohsin <mohsinchandia_at_gmail.com> wrote:

>> If you use HTTP "http://" you are not using SSL/TLS. You are not
>> affected by POODLE, but also not using encryption.
>
> We are using HTTP so we are not affected by POODLE.
>
>
>> If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
>> Apache httpd configuration. No upgrade required, simple configuration
>> change.
>
> Can you tell when SSH/TLS is used ? In my case we are using HTTP protocol.
> How can I disable SSL 3.0 in Apache conf ?

As has been hinted at already, HTTP does not use *any* encryption. In order to encrypt hypertext file transfers, one would need to set the web server and clients to HTTPS protocol. Most likely your server is Apache, but in any case such configuration details are off-topic for this list. Please read up on, for example, 'man https' or do a web on 'apache configuration'.

sent from Mountain Lion
Received on 2014-10-26 04:55:47 CET

This message: [ Message body ]
Next message: Grigory Petrov: "unsubscribe"
Previous message: Andreas Stieger: "Re: SSL V3 Vulnerability in HTTP Repository Access."
In reply to: Mohsin: "Re: SSL V3 Vulnerability in HTTP Repository Access."
Next in thread: Mohsin: "Re: SSL V3 Vulnerability in HTTP Repository Access."
Reply: Mohsin: "Re: SSL V3 Vulnerability in HTTP Repository Access."
Reply: Mohsin: "Re: SSL V3 Vulnerability in HTTP Repository Access."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]