Now that the POODLE is out of the bag, I think we should consider changing this for v5.1.1:
{RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS,
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
I believe this does have a drawback: certain browsers / UAs on some OSes might
not have TLS support. I think (but not 100% certain) that IE on Windows/XP is
one such case?
Thoughts?
— Leif
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
