
Re: Why no security update of apache2 concerning SSLv3?



On Thursday 12 March 2015 10:45:59 Darac Marjal wrote:
> On Thu, Mar 12, 2015 at 09:07:12AM -0400, Gene Heskett wrote:
[...]
> >
> > Considering that I _am_ running an apache server here, AND it faces
> > the world, this lack of a fix for POODLE, seems to be a serious lack
> > on the part of the apache people for not pushing a fix, with lots of
> > noise, or if it's available, a fairly serious screw you attitude on
> > the part of the debian folks in control of that.  Strong language
> > maybe, but it needs to be said.
>
> Hang on. If you're aware of POODLE and you've not taken steps to
> mitigate it, aren't you the one at fault? I mean, yes, debian could
> put out a patch which changes the default settings but this probably
> won't affect vservers, or other configuration files stashed about the
> place.

The info on how to do that has not exactly been front page news in my 
local fishwrap.

> Perhaps people just need to be made more aware of robust SSL settings
> for apache: https://cipherli.st/

Excellent site, and I will have checked all that before the day is done.

Thank you very much.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
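
The point in the quoted reply, that a changed default does not reach vhosts or other configuration files, as an added example (not part of the original thread or of any Debian or Apache tooling): a Python check that reads Apache configuration text and reports SSL-enabled `<VirtualHost>` blocks where SSLv3 is still allowed. It assumes 2015-era behaviour where `all` includes SSLv3, does not follow `Include` lines, and uses a constructed sample configuration.

```python
import re

# Assumption: `all`, and the default with no SSLProtocol line, includes SSLv3
# (true of 2015-era builds).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def effective(args, base):
    """Protocols enabled by one SSLProtocol argument list. A list of only +/-
    items modifies `base`; a bare name counts as '+', which can only over-report."""
    tokens = args.split()
    enabled = set(base) if all(t[0] in "+-" for t in tokens) else set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL if name.lower() == "all" else {name.lower()}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(conf_text):
    """Return [(vhost, line_no, origin)] for SSL vhosts that still allow SSLv3."""
    glob, vhosts, cur = {"args": None}, [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            cur = {"name": m.group(1).strip(), "line": no, "ssl": False, "args": None}
        elif re.match(r"</VirtualHost>", line, re.I) and cur:
            vhosts.append(cur)
            cur = None
        elif re.match(r"SSLEngine\s+on\b", line, re.I) and cur:
            cur["ssl"] = True
        elif m := re.match(r"SSLProtocol\s+(.+)", line, re.I):
            (cur or glob)["args"] = m.group(1)  # vhost-level if inside a block
    server = effective(glob["args"], ALL) if glob["args"] else set(ALL)
    findings = []
    for vh in (v for v in vhosts if v["ssl"]):
        enabled = effective(vh["args"], server) if vh["args"] else server
        if "sslv3" in enabled:
            findings.append((vh["name"], vh["line"], "explicit" if vh["args"] else "inherited"))
    return findings

# Constructed sample: the server-wide setting is fixed, one vhost overrides it.
SAMPLE = """SSLProtocol all -SSLv3
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
"""
```

Calling `audit(SAMPLE)` flags only the second vhost, whose own `SSLProtocol` line overrides the corrected server-wide setting.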

