TLS_FALLBACK_SCSV
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Fri Oct 17 15:42:55 UTC 2014
Hi mex,
Yes, it's apacheconfig, Litespeed is drop-in replacement for Apache.
Here is my full nginx -V http://fpaste.org/142890/60334141/raw
I don't have nginx with different openssl-library installed.
Thanks.
On 10/17/2014 10:29 PM, mex wrote:
>> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`
>
> thats the most important part
>
>
>> directive. But, ssllabs.com says that :
>>
>> ---- snip ----
>> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
>> info[2])
>
> TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1
>
> and has got nothing to do with SSLv3
>
>
>> With configuration:
>> ---- snip ----
>> SSLHonorCipherOrder On
>> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
>
> isnt this the apacheconfig?
>
>
>>
>> So the question is, how important it is?
>>
>
> it is not yet important, but downgrade-attacks might happen
> again.
>
> do you have nginx with a different openssl-library installed, e.g.
> statically linked
>
> please paste the full output from
>
> $ nginx -V
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254106,254109#msg-254109
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
More information about the nginx
mailing list