kksiu / mod-spdy

Automatically exported from code.google.com/p/mod-spdy
0 stars 0 forks source link

TLS_FALLBACK_SCSV Support #96

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Ubuntu has rolled out TLS_FALLBACK_SCSV patches (TLS Protocol Downgrade attack 
prevention) to their openssl packages, but servers running mod_spdy are still 
affected due to the built-in openssl.

Because of that it would be great if mod_spdy could be updated to include those 
patches.

Original issue reported on code.google.com by Felix.Bu...@gmail.com on 17 Oct 2014 at 4:38

GoogleCodeExporter commented 9 years ago

Hello,

SPDY does not support TLS_FALLBACK_SCSV in order to prevent
protocol downgrade attacks.

I would like to know if there is an ETA for this feature,
Otherwise I will have to remove SPDY of all our servers.

Thanks in advanced for your expected cooperation and assistance about this 
matter.

Original comment by infosecs...@gmail.com on 11 Feb 2015 at 3:20

GoogleCodeExporter commented 9 years ago
You can also disable SSL3, unless you still need to support IE6 clients.

Original comment by Felix.Bu...@gmail.com on 19 Feb 2015 at 1:48

GoogleCodeExporter commented 9 years ago
Thanks it was done

Original comment by infosecs...@gmail.com on 21 Feb 2015 at 11:54