TLS_FALLBACK_SCSV
mex
nginx-forum at nginx.us
Fri Oct 17 15:29:00 UTC 2014
> Regarding POODLEbleed[1] issue, I've disabled SSLv3 on `ssl_protocols`
That's the most important part.
> directive. But, ssllabs.com says that :
>
> ---- snip ----
> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
> info[2])
TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1
and has got nothing to do with SSLv3.
> With configuration:
> ---- snip ----
> SSLHonorCipherOrder On
> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Isn't this the Apache config?
>
> So the question is, how important it is?
>
It is not yet important, but downgrade attacks might happen
again.
Do you have nginx with a different OpenSSL library installed, e.g.
statically linked?
Please paste the full output from
$ nginx -V
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254106,254109#msg-254109
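
Added example, not part of the original post and not nginx or OpenSSL code: a Python model of the server-side TLS_FALLBACK_SCSV check as specified in RFC 7507, run against the protocol list from the quoted configuration (SSLv3 already off). The function name, the `scsv_aware` flag and the sample cipher-suite lists are constructed for illustration.

```python
# Model of the server-side TLS_FALLBACK_SCSV decision (RFC 7507).
# Illustration only: names and sample values are constructed, not nginx/OpenSSL code.
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite {0x56, 0x00}
INAPPROPRIATE_FALLBACK = 86      # fatal alert sent on a detected downgrade
PROTOCOL_VERSION = 70            # fatal alert when no common version exists
WIRE = {"SSLv3": 0x0300, "TLSv1": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
NAME = {v: k for k, v in WIRE.items()}


def server_decision(enabled, client_version, cipher_suites, scsv_aware=True):
    """Return ("alert", code) or ("negotiate", protocol_name)."""
    supported = sorted(WIRE[p] for p in enabled)
    offered = WIRE[client_version]
    # RFC 7507: the SCSV is present and the server could have done better than
    # the version the client is offering, so this retry is a downgrade.
    if scsv_aware and TLS_FALLBACK_SCSV in cipher_suites and supported[-1] > offered:
        return ("alert", INAPPROPRIATE_FALLBACK)
    usable = [v for v in supported if v <= offered]
    if not usable:
        return ("alert", PROTOCOL_VERSION)
    return ("negotiate", NAME[usable[-1]])


# Protocol list from the quoted configuration: SSLv3 is already disabled.
ENABLED = ["TLSv1", "TLSv1.1", "TLSv1.2"]
# Constructed ClientHello cipher lists: ECDHE-RSA-AES128-SHA, AES128-SHA (+ SCSV).
FIRST_TRY = [0xC013, 0x002F]
RETRY = [0xC013, 0x002F, TLS_FALLBACK_SCSV]

if __name__ == "__main__":
    cases = [
        ("first attempt at TLSv1.2", "TLSv1.2", FIRST_TRY, True),
        ("fallback retry at TLSv1.1, server checks SCSV", "TLSv1.1", RETRY, True),
        ("fallback retry at TLSv1.1, server ignores SCSV", "TLSv1.1", RETRY, False),
        ("old client that only speaks TLSv1", "TLSv1", FIRST_TRY, True),
        ("SSLv3-only client", "SSLv3", FIRST_TRY, True),
    ]
    for label, version, suites, aware in cases:
        print(f"{label}: {server_decision(ENABLED, version, suites, aware)}")
```

The third case is what the "not supported" scanner result describes: with SSLv3 disabled the retry still lands on TLSv1.1 instead of being rejected.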