Обновление OpenSSL для решения проблем с пуделями SSL3
  1. Forums
  2. General
  3. General Discussion
  1. Richard Hordern
  2. Wednesday, 15 October 2014
  3.  Subscribe via email
Hello, OpenSSL has implemented the reccomeded way to deal with the SSLv3 poodle vulnerability : not removing sslv3 support but preventing up to date browers from being able to downgrade to SSL3 when both them and the server accept more secure protocols.


Any chance of OpenSSL being patched or upgraded soon on Cloudlinux ? 
Rate this post:
  1. 15.10.2014 16:10:24
  2. # 1
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
We will be following RHEL on that. Yet, from I have read on security mailing lists -- you are better of disabling SSLv3.
  1. 15.10.2014 16:10:51
  2. # 2
Richard Hordern Accepted Answer
Posts: 219
Joined: 19.03.2011
We have disabled SSLv3 but some sites that enable SSL just for SEO prefer to remain compatible with IE6 and Firefox is rumoured to not use TLS on other ports than the default 443.

Google recommends not disabeling SSLv3 as it is still better than no SSL but making it so a brower that is TLS compatible can\'t be tricked into using SSLv3 thus making this vulnerability useless with a modern browser.
  1. 16.10.2014 15:10:59
  2. # 3
Richard Hordern Accepted Answer
Posts: 219
Joined: 19.03.2011
Any news on integrating the fix pushed by redhat earlier today ?
  1. 21.10.2014 13:10:18
  2. # 4
Randall Kent Accepted Answer
Posts: 1
Joined: 21.10.2014
Any update on this?
  • Page :
  • 1

There are no replies made for this post yet.
Be one of the first to reply to this post!
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.
By submitting the response, you agree with Cloudlinux Privacy Policy