[nsd-users] Patch: disable SSLv3 for controlconnections
A. Schulze
sca at andreasschulze.de
Mon Jan 5 10:07:14 UTC 2015
Hello,
the thread http://open.nlnetlabs.nl/pipermail/nsd-users/2014-April/001906.html
discussed Heardblead. I think it's worth to disable not only SSLv2 but
SSLv3 too.
-> attachted a simple patch for nsd-4.1.0...
Unbound have a similar design. SSLv3 should be also disabled there
with a patch as trivial as this one.
@Wouter: could you keep this in mind for the next releases?
Maybe it's worth to extend the control interface of NSD _and_ UNBOUND to
- enforce only the highest available protocol version
- enforce only one secure cipher suite
- be configurable for weaker settings
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no_sslv3.patch
Type: text/x-diff
Size: 1321 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20150105/ba31a9bb/attachment.bin>
More information about the nsd-users
mailing list