Univention Bugzilla – Bug 37906
apache: SSL3 protocol attack (ES 3.1)
Last modified: 2015-09-03 12:58:43 CEST
We should also fix this in 3.1 +++ This bug was initially created as a clone of Bug #36173 +++ We should raise the minimum TLS version used by Apache to 1.0 Browsers which don't even support TLS are incompatible with the UMC and every other web application offered in the App Center.
Fixed in extsec3.1 Tests (i386): OK
Created attachment 7138 [details] 3.1-apache.txt.asc
Created attachment 7139 [details] 3.1-apache.txt.asc
Created attachment 7142 [details] 3.1-univention-apache.txt.asc
Code review: OK YAML: OK (3.1-univention-apache.txt.asc) Tests: OK wget --secure-protocol=SSLv2 https://$(hostname -f) --no-check-certificate; echo $? wget --secure-protocol=SSLv3 https://$(hostname -f) --no-check-certificate; echo $? wget https://$(hostname -f) --no-check-certificate; echo $?
Published