Welcome! Log In Create A New Profile

Advanced

TLS_FALLBACK_SCSV

Previous Message Next Message
Forum List Message List New Topic Print View
dewanggaba
October 17, 2014 10:32AM
Hi there,

Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`
directive. But, ssllabs.com says that :

---- snip ----
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
info[2])
---- snip ----

But on LiteSpeed[3] configuration, it says yes.

---- snip ----
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported
---- snip ----

With configuration:
---- snip ----
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
---- snip ----

$ nginx -v
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
TLS SNI support enabled
[snip]
--add-module=/home/mockbuild/rpmbuild/SOURCES/ngx_pagespeed-release-1.9.32.1-beta

So the question is, how important it is?

---- Reference
[1] http://nginx.com/blog/nginx-poodle-ssl/
[2] https://datatracker.ietf.org/doc/draft-bmoeller-tls-downgrade-scsv/
[3] http://www.litespeedtech.com/products/litespeed-web-server/release-log

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

TLS_FALLBACK_SCSV

dewanggaba October 17, 2014 10:32AM

Re: TLS_FALLBACK_SCSV

mex October 17, 2014 11:29AM

Re: TLS_FALLBACK_SCSV

dewanggaba October 17, 2014 11:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 198
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready