[ubuntu-hardened] The POODLE vulnerability.
Daniel Curtis
sidetripping at gmail.com
Wed Oct 22 10:21:38 UTC 2014
Hi
As we all know Google has disclosed a new SSL
vulnerability that goes by the name POODLE [1].
I would like to ask about two Firefox's 33.0 settings
available via e.g. 'about:config' --
'security.tls.version.min' set to '1' (Status: user)
'security.tls.version.max' set to '3' (Status: default)
Mentioned POODLE vulnerability was found in the
design of SSL version 3. It seems, that disabling
SSL 3.0 support is sufficient to mitigate issue, but...
Is there anything users should/can do until Mozilla
fix POODLE issue? Probably SSLv3 will be disabled by
default in Firefox 34, which will be released on Nov. 25.
What do you thing?
Best regards
____________
[1]
http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20141022/36073558/attachment.html>
More information about the ubuntu-hardened
mailing list