Date: Wed, 15 Oct 2014 10:29:37 +0400 From: Eygene Ryabinkin <rea@freebsd.org> To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no> Cc: gecko@freebsd.org, ports-secteam@freebsd.org, chromium@freebsd.org Subject: Re: POODLE SSLv3 vulnerability Message-ID: <ejf3uQp5Mzj/IfB9YYidVD5uPZM@1d%2BaJAniZP50FCDdGj54nd51%2Bks> In-Reply-To: <R0zKl5VfV2qM//7ElaCD1tOBoHs@1d%2BaJAniZP50FCDdGj54nd51%2Bks> References: <86iojmgn40.fsf@nine.des.no> <R0zKl5VfV2qM//7ElaCD1tOBoHs@1d%2BaJAniZP50FCDdGj54nd51%2Bks>
next in thread | previous in thread | raw e-mail | index | archive | help
--pleSNuEbvnUYtMxG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Wed, Oct 15, 2014 at 10:02:17AM +0400, Eygene Ryabinkin wrote: > I'd also introduce an OPTION for Apache, Nginx and other Web servers > we ship in the ports collection that won't allow to use SSLv3 and turn > it on by-default. This will break some legacy clients, so it should > be an OPTION. stunnel, all Web servers for Ruby and other servers > that do SSL should also be modified to include such modification. net/haproxy is another port that terminates SSL. --=20 Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ] --pleSNuEbvnUYtMxG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iL4EABEKAGYFAlQ+FFFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDgyRkUwNkJDRDQ5N0MwREU0OUVDNEZGMDE2 QUY5RUFFODE1MkVDRkIACgkQFq+eroFS7Pur+wD/YneFPEHm/isaPU4VEbZJ1/Vi QQ3HVaDrAtTfaaiab48A/2oOWVtI4Pcek9YL7fZSEPDhtntptf56loRQKxrZG2FO =oerd -----END PGP SIGNATURE----- --pleSNuEbvnUYtMxG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ejf3uQp5Mzj/IfB9YYidVD5uPZM>