Freeze Break: SSLv3
Kevin Fenzi
kevin at scrye.com
Wed Oct 15 17:16:09 UTC 2014
On Wed, 15 Oct 2014 08:31:20 -0700
"T.C. Hollingsworth" <tchollingsworth at gmail.com> wrote:
> On Wed, Oct 15, 2014 at 7:03 AM, Kevin Fenzi <kevin at scrye.com> wrote:
> > Perhaps we can figure out a way to keep SSLv3 enabled, but disable
> > ciphers that are susceptable?
>
> Disabling CBC ciphers should do the trick:
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
I asked some folks smarter than me, and they seemed to think this was
not sufficent. :(
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20141015/bec89463/attachment.sig>
More information about the infrastructure
mailing list