Welcome! Log In Create A New Profile

Re: TLS_FALLBACK_SCSV

Forum List Message List New Topic Print View

dewanggaba

October 17, 2014 11:44AM

Registered: 14 years ago
Posts: 71

Hi mex,

Yes, it's apacheconfig, Litespeed is drop-in replacement for Apache.

Here is my full nginx -V http://fpaste.org/142890/60334141/raw

I don't have nginx with different openssl-library installed.

Thanks.

On 10/17/2014 10:29 PM, mex wrote:
>> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`
>
> thats the most important part
>
>
>> directive. But, ssllabs.com says that :
>>
>> ---- snip ----
>> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
>> info[2])
>
> TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1
>
> and has got nothing to do with SSLv3
>
>
>> With configuration:
>> ---- snip ----
>> SSLHonorCipherOrder On
>> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
>
> isnt this the apacheconfig?
>
>
>>
>> So the question is, how important it is?
>>
>
> it is not yet important, but downgrade-attacks might happen
> again.
>
> do you have nginx with a different openssl-library installed, e.g.
> statically linked
>
> please paste the full output from
>
> $ nginx -V
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254106,254109#msg-254109
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
TLS_FALLBACK_SCSV	dewanggaba	October 17, 2014 10:32AM
Re: TLS_FALLBACK_SCSV	mex	October 17, 2014 11:29AM
Re: TLS_FALLBACK_SCSV	dewanggaba	October 17, 2014 11:44AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 261

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018