[nsd-users] Patch: disable SSLv3 for control connections
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Mon Jan 5 11:43:04 UTC 2015
Hi Andreas,
On 05/01/15 11:07, A. Schulze wrote:
>
> Hello,
>
> the thread
> http://open.nlnetlabs.nl/pipermail/nsd-users/2014-April/001906.html
> discussed Heartbleed. I think it's worth disabling not only SSLv2 but
> SSLv3 too.
>
> -> attached a simple patch for nsd-4.1.0...
Thank you. Similar code was already in nsd's code repository.
> Unbound has a similar design. SSLv3 should also be disabled there
> with a patch as trivial as this one. @Wouter: could you keep this
> in mind for the next releases?
>
> Maybe it's worth extending the control interface of NSD _and_
> UNBOUND to
> - enforce only the highest available protocol version
> - enforce only one secure cipher suite
> - be configurable for weaker settings
Not sure why configuration would be helpful, but I see value in
constraining the settings to stronger security.
Best regards,
Wouter