Blocking POODLE
Chris Murphy
lists at colorremedies.com
Thu Jan 15 05:39:51 UTC 2015
On Wed, Jan 14, 2015 at 7:40 PM, Matthew Saltzman <mjs at clemson.edu> wrote:
> SSLLabs reports a couple of servers of mine have SSL v3 enabled and are
> vulnerable to POODLE. I followed instructions for Apache httpd at
> https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/, but that does not seem to cure the problem. SSLLabs still reports the servers as vulnerable. Does anyone know what I'm missing?
>
> The server also runs Trac and Subversion servers and a separate vhost
> runs Jenkins. Does something special need to be done for those
> services?
>
> (These are, in fact, RHEL 7 servers running httpd-2.2.15-39.el6.x86_64,
> but I hope someone here will know what's going on.)
RHEL servers have support from Red Hat, send an email or pick up the
phone. The patches between RHEL and Fedora are documented, but unless
someone actually knows the answer it's totally non-obvious how to
answer your question other than "yes I realize it's 2015, but here's
how you use a telephone..."
--
Chris Murphy
More information about the users
mailing list