http://localhost:8080/trac/ticket/797 <p> Check which serives are available with SSLv3.0, see: </p> <ul><li><a class="ext-link" href="https://access.redhat.com/articles/1232123"><span class="icon">​</span>https://access.redhat.com/articles/1232123</a> </li><li><a class="ext-link" href="https://www.openssl.org/~bodo/ssl-poodle.pdf"><span class="icon">​</span>https://www.openssl.org/~bodo/ssl-poodle.pdf</a> </li><li><a class="ext-link" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3566"><span class="icon">​</span>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3566</a> </li></ul><p> and disable SSLv3.0 where it is being offered. </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/797 Trac 0.12.5 chris Wed, 15 Oct 2014 13:01:15 GMT http://localhost:8080/trac/ticket/797#comment:1 http://localhost:8080/trac/ticket/797#comment:1 <p> A couple more links: </p> <ul><li><a class="ext-link" href="http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"><span class="icon">​</span>http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566</a> </li><li><a class="ext-link" href="http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html"><span class="icon">​</span>http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html</a> </li></ul> Ticket chris Thu, 16 Oct 2014 12:42:39 GMT http://localhost:8080/trac/ticket/797#comment:2 http://localhost:8080/trac/ticket/797#comment:2 <p> This will be fixed for <a class="wiki" href="http://localhost:8080/trac/wiki/PuffinServer">PuffinServer</a> by <a class="closed ticket" href="http://localhost:8080/trac/ticket/798" title="maintenance: BOA-2.3.5 (closed: fixed)">ticket:798</a> </p> Ticket chris Tue, 11 Nov 2014 13:27:06 GMT http://localhost:8080/trac/ticket/797#comment:3 http://localhost:8080/trac/ticket/797#comment:3 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.25</em> </li> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.25</em> </li> </ul> <p> <a class="wiki" href="http://localhost:8080/trac/wiki/PenguinServer">PenguinServer</a> and <a class="wiki" href="http://localhost:8080/trac/wiki/ParrotServer">ParrotServer</a> were vulnerable: </p> <ul><li><a class="ext-link" href="https://www.ssllabs.com/ssltest/analyze.html?d=parrot.transitionnetwork.org&amp;hideResults=on"><span class="icon">​</span>https://www.ssllabs.com/ssltest/analyze.html?d=parrot.transitionnetwork.org&amp;hideResults=on</a> </li><li><a class="ext-link" href="https://www.ssllabs.com/ssltest/analyze.html?d=penguin.transitionnetwork.org&amp;hideResults=on"><span class="icon">​</span>https://www.ssllabs.com/ssltest/analyze.html?d=penguin.transitionnetwork.org&amp;hideResults=on</a> </li></ul><p> On <a class="wiki" href="http://localhost:8080/trac/wiki/PenguinServer">PenguinServer</a>, find the files to edit: </p> <pre class="wiki">cd /etc/nginx/ grep -rli sslv3 . ./sites-available/stats ./sites-available/tech ./sites-available/static ./sites-available/default ./sites-available/intransitionmovie ./sites-available/penguin ./sites-available/ttarchive ./sites-available/wiki.bak ./sites-available/patterns ./sites-available/wiki </pre><p> Edit in vim: </p> <pre class="wiki">:1,$s/ssl_protocols SSLv3 /ssl_protocols /gc </pre><p> Restart Nginx. </p> <p> <a class="wiki" href="http://localhost:8080/trac/wiki/ParrotServer">ParrotServer</a> edit <tt></tt><tt>/etc/apache2/mods-available/ssl.conf</tt><tt></tt> </p> <pre class="wiki">#SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 </pre><p> Restart Apache. </p> Ticket