chris.collins.is
  • Chris Collins is...
  • My Resume

CVE-2014-3566

Brewer, Beardsman, Geek, Godzilla Hunter Extraordinaire

Some Real-World Info on POODLE (CVE-2014-3566)

Some Real-World Info on POODLE (CVE-2014-3566)

TL;DR: Remove SSLv3 - the impact is likely very small

We’ve now removed SSLv3 from about 1000 servers in our environment. So far, we’ve only had one issue - a script used to call an API started to fail. The issue was the ruby rest client > 1.7.0. (Yes, that’s greater-than.)

Removing from Apache

SSLv3 is easy to remove in Apache. You probably want this in your ssl.conf (or whatever the equivalent is for your distro):

  • Chris Collins
Chris Collins 15 October 2014 • 2 min read
chris.collins.is © 2014
cb67604
Latest Posts Mastodon Twitch Github Twitter Hugo Casper3 by Jonathan Janssens