You can check if you re safe using this free tool : https://www.tinfoilsecurity.com/poodle
regards, --------- J. Paul Mutali skype: mutali.rw On Wed, Oct 15, 2014 at 7:11 PM, Dan <d...@dancocos.com> wrote: > If you’re running apache > The fix is to update the following line in your SSL config usually in > /etc/httpd/conf.d/ssl.conf > > SSLProtocol all -SSLv2 -SSLv3 > > > > *Dan Cocos* > BAO Systems > www.baosystems.com > T: +1 202-352-2671 | skype: dancocos > > On Oct 15, 2014, at 1:03 PM, Lars Helge Øverland <larshe...@gmail.com> > wrote: > > Hi server admins, > > Google today published a vulnerability in SSL which could allow an > attacker to decrypt "secure" connections: > > > http://googleonlinesecurity.blogspot.se/2014/10/this-poodle-bites-exploiting-ssl-30.html > > For a dhis system the most practical solution is to simply disable SSL and > rely on TLS, as it's mostly Internet Explorer 6 that does not support TLS, > and DHIS 2 does not support IE 6 anyway. > > I have upgraded the nginx installation docs here > <https://www.dhis2.org/doc/snapshot/en/implementer/html/ch08s03.html#d5e590>. > To disable SSL and add support for all TLS version you can change this line: > > ssl_protocols SSLv3 TLSv1.1 TLSv1.2; > > > to this: > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > > > regards, > > Lars > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > > > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
