similar to: SSLv3 vunerability and Nautilus

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, As most of you already know, there is an important SSLv3 vulnerability (CVE-2014-3566 - see https://access.redhat.com/articles/1232123) , known as Poodle. While it's easy to disable SSLv3 in the allowed Protocols at the server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache), some clients are still defaulting to SSLv3, and Koji

I read this on the RHN commentary respecting cve-2014-3566: https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/: . . . The first aspect of POODLE, the SSL 3.0 protocol vulnerability, has already been fixed through iterative protocol improvements, leading to the current TLS version, 1.2. It is simply not possible to address this in the context of the SSL 3.0

On Thu, December 18, 2014 00:31, Jake Shipton wrote: > > Hi Alex, > > In this situation 2.2.29 actually does offer an advantage over CentOS > version 2.2.15. > > The version provided by CentOS does not support Forward Secrecy for SSL > or TLS 1.2. > > Version 2.2.24+ of upstream Apache includes patches which enable both > Forward Secrecy and TLS 1.2. > > Now

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:

On Wed, March 11, 2015 13:46, Grant McChesney wrote: > On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne > <byrnejb at harte-lyne.ca> > wrote: > >> Can anyone inform me as to whether or not Java on CentOS-6.6 still >> has SSLv3 enabled? And if it does then how is it disabled? >> >> > James: > > Check the java.security file for your JRE. I'm

Can anyone inform me as to whether or not Java on CentOS-6.6 still has SSLv3 enabled? And if it does then how is it disabled? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1

Hi! I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm supplied by yum.puppetlabs.com. I''ve setup a apache2 vhost with mod_ssl and passenger. The server is configured to autosign the cert requests. The agent installed on the puppetmaster''s server works fine. I''ve a second agent on a server which can sync with the server too. This

On Tue, March 3, 2015 13:37, James Cloos wrote: >>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: > > JBB> tcpenable=yes > JBB> tlsenable=yes > JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt > JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt > JBB> tlsdontverifyserver=yes > JBB>

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi, ppl I dont know what to do. I configure a new client do sync with my server. the server accept de client_cert without errors and then when i run the "puppet agent -t" agaion i got this error output info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten

Am 03.03.2015 um 18:16 schrieb James B. Byrne: > CentOS-6.5 (FreePBX-2.6) > Asterisk-11.14.2 (FreePBX) > snom870-SIP 8.7.3.25.5 > > I am having a very difficult time attempting to get TLS and SRTP > working with Asterisk and anything else. At the moment I am trying to > get TLS functioning with our Snom870 desk-sets. And I am not having > much luck. > > Since this

Thomas Preissler: > ssl_protocols = !SSLv3 !SSLv2 that disable SSLv3 > When I enable verbose_ssl I get this: > 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, > ret=1: SSLv3 flush data [$CLIENTIP] > ... > Is this right? Is SSLv3 used on this connection? The logging is right, but SSLv3 isn't used. Today it's not uncommon that application /log/

> I'm configuring apache with https and I've a question about sslv3 > deactivation. > > Running "openssl ciphers -v" I get a list of cypher suite of openssl like: > > ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) > Mac=AEAD > ......... > SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression

We turned off SSLv3 support on our pop/imap running dovecot on Oct 16th, we did check that all users where using TLSv1 and there have been no complaints (except one old windows-phone). But at 13:00 UTC today, suddenly strange entries is seen in the logfile: Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL alert number 10 Followed

On Mon 29.Feb'16 at 13:19:07 +0000, C. L. Martinez wrote: > Hi all, > > I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error. > > My actual httpd's config for this virtualhost is: > > NameVirtualHost

>>>>> "JBB" == James B Byrne <byrnejb at harte-lyne.ca> writes: JBB> tcpenable=yes JBB> tlsenable=yes JBB> tlscertfile=/etc/pki/asterisk/ca.harte-lyne.hamilton.asterisk.crt JBB> tlscafile=/etc/pki/tls/certs/ca-bundle.crt JBB> tlsdontverifyserver=yes JBB> tlscipher=ALL JBB> tlsclientmethod=tlsv1 You are missing the tls key. The config name is

Hi all, I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error. My actual httpd's config for this virtualhost is: NameVirtualHost 192.168.1.5:444 <VirtualHost 192.168.1.5:444> ServerName myweb01.local.domain ErrorLog

I am trying to get our prototype Linux workstation to allow users to see shares on our legacy MicroSoft Windows-2000 Domain Server, I can find guides for setting up Samba as a Primary Domain Controller but I cannot seem to locate any good and expansive guide for setting up a samba workstation and just joining the domain. Perhaps this is so trivial a process no-one thinks that it requires such a

Hi , I am new to this puppet. I am implementing a network where my cisco switch will contact the puppet server for getting the configuration. I tried installing open source puppet and was successful in pushing down the configurations. I wanted then to try the same exercise with puppet enterprise 3.1. I installed puppet enterprise in a different server and changed my puppet agent (switch) to