If you’re running apache The fix is to update the following line in your SSL config usually in /etc/httpd/conf.d/ssl.conf
SSLProtocol all -SSLv2 -SSLv3 Dan Cocos BAO Systems www.baosystems.com T: +1 202-352-2671 | skype: dancocos On Oct 15, 2014, at 1:03 PM, Lars Helge Øverland <larshe...@gmail.com> wrote: > Hi server admins, > > Google today published a vulnerability in SSL which could allow an attacker > to decrypt "secure" connections: > > http://googleonlinesecurity.blogspot.se/2014/10/this-poodle-bites-exploiting-ssl-30.html > > For a dhis system the most practical solution is to simply disable SSL and > rely on TLS, as it's mostly Internet Explorer 6 that does not support TLS, > and DHIS 2 does not support IE 6 anyway. > > I have upgraded the nginx installation docs here. To disable SSL and add > support for all TLS version you can change this line: > ssl_protocols SSLv3 TLSv1.1 TLSv1.2; > > to this: > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > > regards, > > Lars > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
