[pkg-lighttpd] Bug#765702: lighttpd: Disable SSL 3.0
Stefan Bühler
stbuehler at lighttpd.net
Fri Oct 17 16:47:50 UTC 2014
Hi,
On Fri, 17 Oct 2014 14:39:52 +0200
Christian Tacke <Christian.Tacke+debian.org at cosmokey.com> wrote:
> Hi,
>
> looking at CVE-2014-3566 ("POODLE") it seems a very good
> idea to finally disable SSL 3.0 by default ("secure by
> default"). Please test attached patch.
I'd say go with this instead:
http://git.lighttpd.net/lighttpd/lighttpd-1.x.git/commit/?id=084df7e99a8738be79f83e330415a8963280dc4a
You can still add the option in the config example of course, or just
mention its existance there.
regards,
Stefan
More information about the pkg-lighttpd-maintainers
mailing list