Joe Friedeggs friedeggs44@hotmail.com schrieb am 19.10.2014 um 15:17 in
Nachricht BLU170-W8303CBEF13F0FA435A5765A5960@phx.gbl:
Pardon my ignorance on the subject, but I need to understand this:
You've probably all heard about this "new" attack several times by now. Just
to confirm what's already been stated - this attack only affects HTTP
browsers
that deliberately break the TLS handshake protocol to allow using older SSL versions. It does not affect LDAP software at all.
Isn't this configurable? With the following: TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv3:RSA doesn't this allow SSLv3? To secure against POODLE, don't we need to remove the SSLv3?
Related question: If a slapcat of the config database doesn't show a value for TLSCipherSuite, does it mean it is some default value? Any other way to query the setting?
[...]
Regards, Ulrich