Subject: vulnerability in SSLv3 / How to disable SSLv3 in Apache
This morning I received a mailing from trusted sources.
This vulnerability affects servers still running SSL 3.0. It centers on cipher block chaining (CBC) encryption implementation and allows attackers with a Man-in-the-Middle (MITM) position to derive the contents of a secure payload based on responses received from requests sent from a compromised browser to a legitimate server.
This is a vulnerability with the SSL protocol; existing SSL and code signing certificates are not affected and do not need to be replaced.
Here are some recommended actions:
Disable SSL 3.0 support or disable SSL 3.0 CBC-mode ciphers. You can use SSL Toolbox to detect if SSL 3.0 is enabled on a web server.
Implement the proper use of TLS_FALLBACK_SCSV to remediate the forced downgrade issue that is part of the vulnerability.
Check for latest news and information at Knowledge
Example of how to disable SSLv3 in Apache:
SSLProtocol all -SSLv2 -SSLv3
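
To check that a configuration really ends up with SSLv3 off, the sketch below (an added example, not part of the original post or the mailing) evaluates each SSLProtocol line the way mod_ssl applies its tokens and flags lines that still leave SSLv3 enabled. It assumes that "all" includes SSLv2 and SSLv3, which is the conservative reading; the function names and the sample config are constructed for illustration.

```python
import re

# Assumption: "all" expands to every protocol mod_ssl has ever accepted.
# Whether a given build's "all" includes SSLv2/SSLv3 depends on its versions.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {p.lower(): p for p in ALL}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: '+x' adds, '-x' removes,
    and a bare token replaces everything set before it."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            chosen = set(ALL)
        elif name in CANON:
            chosen = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return enabled

def audit(config_text):
    """Return (line_no, directive, verdict) for each SSLProtocol line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # '#'-commented lines never match
        if match:
            enabled = effective_protocols(match.group(1))
            verdict = "SSLv3 ENABLED" if "SSLv3" in enabled else "ok"
            findings.append((line_no, line.strip(), verdict))
    return findings

# Constructed sample config, not taken from a real server.
SAMPLE = """\
SSLEngine on
SSLProtocol all -SSLv2
# SSLProtocol all
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -SSLv3 all
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```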