Blocking POODLE
Matthew Saltzman
mjs at clemson.edu
Thu Jan 15 02:40:41 UTC 2015
SSLLabs reports a couple of servers of mine have SSL v3 enabled and are
vulnerable to POODLE. I followed instructions for Apache httpd at
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/, but that does not seem to cure the problem. SSLLabs still reports the servers as vulnerable. Does anyone know what I'm missing?
The server also runs Trac and Subversion servers and a separate vhost
runs Jenkins. Does something special need to be done for those
services?
(These are, in fact, RHEL 7 servers running httpd-2.2.15-39.el6.x86_64,
but I hope someone here will know what's going on.)
Thanks in advance.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
More information about the users
mailing list