On the user mailing list I posted the following on 12/09/2014: ==== Andrea,
You might want to take a closer look at your servers - certs are good but: "This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F." "https://www.ssllabs.com/ssltest/analyze.html?d=forum.openoffice.org"; <https://community.qualys.com/blogs/securitylabs/2014/06/13/ssl-pulse-49-vulnerable-to-cve-2014-0224-14-exploitable> ==== See: <http://permalink.gmane.org/gmane.comp.apache.openoffice.user/6538> for the entire post. https://forum.openoffice.org (erebus-ssl.apache.org, repository.apache.org 140.211.11.74 et al) is still testing as not patched for CVE-2014-0224 on ssllabs.com. And here: <http://ccsinject.iecra.org/index.php?site=forum.openoffice.org> etc. Shouldn't this be patched by now? --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
