[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: RE: POODLE SSLv3 downgrade attack

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Antw: RE: POODLE SSLv3 downgrade attack
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 20 Oct 2014 08:47:59 +0200
In-reply-to: <5444C914020000A100017710@gwsmtp1.uni-regensburg.de>
References: <5440D5F1.8050503@symas.com> <BLU170-W8303CBEF13F0FA435A5765A5960@phx.gbl> <5444C914020000A100017710@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1

Ulrich Windl wrote:
> Related question: If a slapcat of the config database doesn't show a value
> for TLSCipherSuite, does it mean it is some default value?

I'm pretty sure the default depends on the TLS lib used and how it was built
for a certain OS.

=> always set TLSCipherSuite explicitly

To find out which protocols/ciphers can be used with a current installation
use sslscan.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Antw: RE: POODLE SSLv3 downgrade attack
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

References:
- POODLE SSLv3 downgrade attack
  - From: Howard Chu <hyc@symas.com>
- RE: POODLE SSLv3 downgrade attack
  - From: Joe Friedeggs <friedeggs44@hotmail.com>
- Antw: RE: POODLE SSLv3 downgrade attack
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Antw: RE: POODLE SSLv3 downgrade attack
Next by Date: Re: Antw: RE: POODLE SSLv3 downgrade attack
Index(es):
- Chronological
- Thread