Re: Why no security update of apache2 concerning SSLv3?
On Thursday 12 March 2015 10:45:59 Darac Marjal wrote:
> On Thu, Mar 12, 2015 at 09:07:12AM -0400, Gene Heskett wrote:
[...]
> >
> > Considering that I _am_ running an apache server here, AND it faces
> > the world, this lack of a fix for POODLE, seems to be a serious lack
> > on the part of the apache people for not pushing a fix, with lots of
> > noise, or if its available, a fairly serious screw you attitude on
> > the part of the debian folks in control of that. Strong language
> > maybe, but it needs to be said.
>
> Hang on. If you're aware of POODLE and you've not taken steps to
> mitigate it, aren't you the one at fault? I mean, yes, debian could
> put out a patch which changes the default settings but this probably
> won't affect vservers, or other configuration files stashed about the
> place.
The info on how to do that has not exactly been front page news in my
local fishwrap.
> Perhaps people just need to be made more aware of robust SSL settings
> for apache: https://cipherli.st/
Excellent site, and I will have checked all that before the day is done.
Thank you very much.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: