From: Nikos Mavrogiannopoulos
Subject: Re: alleged attack on TLS
Date: Fri, 23 Sep 2011 21:37:48 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13
On 09/23/2011 02:52 PM, Stephane Bortzmeyer wrote:
* Disable SSL 3.0 and TLS 1.0
So, with mod_gnutls, you suggest:
GnuTLSPriorities NORMAL:!VERS-TLS1.0:!VERS-SSL3.0
As I said before, this would enforce the secure modes and, if they cannot be negotiated, will fail. An alternative approach would be to allow the "NORMAL" priorities and, if TLS1.0 or SSL3.0 are negotiated, warn the peer with an application protocol message (i.e. in the case of a web server, with a special web page) and close the connection.
regards, Nikos
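
A sketch of the alternative approach described in the message above, as an added example that is not part of the original e-mail or of GnuTLS/mod_gnutls. It uses Python's `ssl` module instead; the function names, the 403 status code and the page text are assumptions.

```python
# Added example: uses Python's ssl module, not GnuTLS or mod_gnutls.
# conn is an ssl.SSLSocket whose handshake has already completed on a
# context that still permits SSL 3.0 / TLS 1.0 (the "NORMAL" case).

# Names returned by ssl.SSLSocket.version() for the two legacy protocols.
LEGACY_VERSIONS = frozenset({"SSLv3", "TLSv1"})


def legacy_warning(version):
    """Return an HTTP response warning the peer, or None if version is acceptable."""
    if version not in LEGACY_VERSIONS:
        return None
    body = (
        "<html><body><h1>Protocol version not accepted</h1>"
        f"<p>Your client negotiated {version}. "
        "Enable TLS 1.1 or later and retry.</p></body></html>"
    ).encode("ascii")
    head = (
        "HTTP/1.1 403 Forbidden\r\n"   # status code is an assumption
        "Content-Type: text/html\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    return head + body


def serve(conn, handler):
    """Warn and close on a legacy protocol; otherwise hand off to handler.

    Returns True if the connection was passed to handler, False if refused.
    """
    warning = legacy_warning(conn.version())
    if warning is None:
        handler(conn)
        return True
    try:
        conn.sendall(warning)   # application-level message to the peer
    finally:
        conn.close()            # then drop the connection
    return False
```

Unlike the priority string that removes the versions outright, this lets the handshake succeed so the peer sees an explanation instead of a bare handshake failure.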