You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by sh...@lhsystems.com on 2014/11/10 17:40:38 UTC

Disable usage of SSL (SSLv2 and SSL v3) protocol

Hello,

Due to the security breach "POODLE" (detailed information see attachment) it is recommended to disable the support of the SSL v3 (and SSL v2) protocol (https://access.redhat.com/solutions/1232233). We could not find any documentation how achieve this goal. Is there any recommendation how to disable the protocol? Or will this issue be target in new release?

Best regards,
Shushant Kakkar

Sitz der Gesellschaft / Corporate Headquarters: Lufthansa Systems Aktiengesellschaft, Kelsterbach, Registereintragung / Registration: Amtsgericht Darmstadt 84307
Vorsitzende des Aufsichtsrats / Chairperson of the Supervisory Board: Simone Menne
Vorstand / Executive Board: Stefan Hansen (Vorsitzender / Chairman), Dr. Gunter Kuechler

Re: Disable usage of SSL (SSLv2 and SSL v3) protocol

Posted by Emmanuel Lécharny <el...@gmail.com>.

Le 10/11/14 17:40, shushant.kakkar@lhsystems.com a écrit :
> Hello,
>
> Due to the security breach "POODLE" (detailed information see attachment) it is recommended to disable the support of the SSL v3 (and SSL v2) protocol (https://access.redhat.com/solutions/1232233). We could not find any documentation how achieve this goal. Is there any recommendation how to disable the protocol? Or will this issue be target in new release?
There is nothing to do. We use TLS as the default protocol in ApacheDS,
not SSLV3.