From owner-freebsd-gecko@FreeBSD.ORG Wed Oct 15 06:29:42 2014 Return-Path: Delivered-To: gecko@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 636BA168; Wed, 15 Oct 2014 06:29:42 +0000 (UTC) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.233.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 04A9B363; Wed, 15 Oct 2014 06:29:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=codelabs.ru; s=three; h=Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=f56Tr2CNI5KJ0UIqamXEiD9YMWBPt4a0iwFNdNZevBA=; b=Z4r0mNYzkwF434Qsre76czCqnfRdofd2BSKhDqUoViTtUjhPXTjWN6zhS0hl4NBQVti3zR7HlcQANEKeJwUaTM4bQKxiALo3wZZmdmGrVuD2UJeAEBJExsqjyxMsJ7DfM6Fb3LCm4G8YP6nqGvLNGu+ZF1LN3whRoSOLKiQh88mxqVH/4EdwODtfxvTUo9hJkad01qmFgD3+pAHsa9K1V9epgIc7QmKg+MVP+NsKGA7fjagxZnA9N8bJ68YWFp+SoKo5y6xhZd081r4Va1x+SBsiwv1E7W8kmaWfLvSJFP/5MAqq5f71nrV1n1JbQDAWMOr1gxT6AZ9s3SI/NN9ID6duHX5RUq6LzTFpVpMIkJ8y9f0RT0PY1YYomBGdpsqM4Jga4hD+p1ImiV0Tq4uR0lSH4DLmCzjVs4dIGzwrt9XgnFTqYAHTVonqmXj+Cr2I7sgSHjo46iMUFKvi7AwoMWjySNZEXmLTixdRg6l6WVIiiYljeJjiAzwstVKHV9bOvvUf5u0cwgepL3AfPcQNoNUD35MvuEMki3AsZavfvvx3Unt6TAzM70C31pR3eglxek1saTWUivRx27NV6uEwML6jmEgtJiWe37ZavH6ccNPcbnSSqKG5O09LCaUeYX1gX47Ks+sLW5vg3kuJeb1taiP1YhuZPMRKJGrtojAM4RU=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.233.66]) by 0.mx.codelabs.ru with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) id 1XeI5b-000Ebo-Vo; Wed, 15 Oct 2014 10:29:40 +0400 Date: Wed, 15 Oct 2014 10:29:37 +0400 From: Eygene Ryabinkin To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= Subject: Re: POODLE SSLv3 vulnerability Message-ID: References: <86iojmgn40.fsf@nine.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="pleSNuEbvnUYtMxG" Content-Disposition: inline In-Reply-To: Sender: rea@codelabs.ru Cc: gecko@freebsd.org, ports-secteam@freebsd.org, chromium@freebsd.org X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2014 06:29:42 -0000 --pleSNuEbvnUYtMxG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Wed, Oct 15, 2014 at 10:02:17AM +0400, Eygene Ryabinkin wrote: > I'd also introduce an OPTION for Apache, Nginx and other Web servers > we ship in the ports collection that won't allow to use SSLv3 and turn > it on by-default. This will break some legacy clients, so it should > be an OPTION. stunnel, all Web servers for Ruby and other servers > that do SSL should also be modified to include such modification. net/haproxy is another port that terminates SSL. --=20 Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ] --pleSNuEbvnUYtMxG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iL4EABEKAGYFAlQ+FFFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDgyRkUwNkJDRDQ5N0MwREU0OUVDNEZGMDE2 QUY5RUFFODE1MkVDRkIACgkQFq+eroFS7Pur+wD/YneFPEHm/isaPU4VEbZJ1/Vi QQ3HVaDrAtTfaaiab48A/2oOWVtI4Pcek9YL7fZSEPDhtntptf56loRQKxrZG2FO =oerd -----END PGP SIGNATURE----- --pleSNuEbvnUYtMxG--