Hi Christophe,
* I believe that the patch in question has been merged and is
present in the mecurial repository.
http://hg.vergenet.net/perdition/perdition/rev/30672d224854
* It is not at all clear to me that the patch above disables SSLv3.
I believe a separate change to allow users to select which SSL/TLS
protocol versions are enabled may be worth adding to perdition.
But I'm not sure of a way to do that cleanly which doesn't require
updating perdition each time the underlying SSL/TLS implementation,
currently OpenSSL, adds support for a new protocol.
* It appears to me that updating OpenSSL will prevent perdition from
being the SSL DROWN vulnerability. My light testing indicates that
with an updated OpenSSL it is no longer possible to negotiate
an SSLv3 connection with perdition.
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drow…
On Mon, May 02, 2016 at 05:59:59PM +0200, Christophe Ségui wrote:
Hi,
Is there any plan to merge this patch into perdition ?
bests
Christophe
On 30/08/2015 21:56, Epiontis IT wrote:
Thank you Matthias. I'll look into that.
On 08/30/2015 02:15 PM, Matthias Hunstock wrote:
Am 28.08.2015 um 17:20 schrieb Epiontis IT:
Hello Xavier,
did you have any success disabling SSLv3? I would like to disable any
old ciphers and turn on Forward Secrecy. Do you have experience with
this and perdition?
There is a patch in the debian bug tracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765867
According to Simons comment this should show up soon in the perdition
repository, but it is manageable to build own deb packages with that
patch.
Regards
Matthias
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
https://lists.vergenet.net/listinfo/perdition-users