Welcome! Log In Create A New Profile

Advanced

Re: TLS_FALLBACK_SCSV

mex
October 17, 2014 11:29AM
> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`

thats the most important part


> directive. But, ssllabs.com says that :
>
> ---- snip ----
> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
> info[2])

TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1

and has got nothing to do with SSLv3


> With configuration:
> ---- snip ----
> SSLHonorCipherOrder On
> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

isnt this the apacheconfig?


>
> So the question is, how important it is?
>

it is not yet important, but downgrade-attacks might happen
again.

do you have nginx with a different openssl-library installed, e.g. statically linked

please paste the full output from

$ nginx -V
Subject Author Posted

TLS_FALLBACK_SCSV

dewanggaba October 17, 2014 10:32AM

Re: TLS_FALLBACK_SCSV

mex October 17, 2014 11:29AM

Re: TLS_FALLBACK_SCSV

dewanggaba October 17, 2014 11:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 79
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready