> Regarding POODLEbleed[1] issue, I've disabled SSLv3 on `ssl_protocols`

that's the most important part

> directive. But, ssllabs.com says that:
>
> ---- snip ----
> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
> info[2])

TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1
and has got nothing to do with SSLv3

> With configuration:
> ---- snip ----
> SSLHonorCipherOrder On
> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

isn't this the Apache config?

> So the question is, how important it is?

it is not yet important, but downgrade-attacks might happen again.

do you have nginx with a different openssl-library installed, e.g. statically linked?

please paste the full output from

$ nginx -V

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254106,254109#msg-254109
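One way to read the `nginx -V` output requested above, as an added example that is not part of the original post or of nginx itself: it extracts the OpenSSL version nginx reports (or the `--with-openssl=` source tree of a static build) and compares it with the first OpenSSL releases that implement TLS_FALLBACK_SCSV. The function names and the sample text are constructed; the release thresholds (0.9.8zc, 1.0.0o, 1.0.1j) are not stated in the thread.

```shell
# Added example. First OpenSSL releases that implement TLS_FALLBACK_SCSV:
# 0.9.8zc, 1.0.0o, 1.0.1j; every release from 1.0.2 on has it.

# Read `nginx -V` text on stdin; print the OpenSSL version nginx reports
# (runtime version preferred), else the --with-openssl= source tree version.
openssl_from_nginx_v() {
    awk '
        /^built with OpenSSL / {
            v = $4
            if (match($0, /running with OpenSSL [^ )]*/)) v = substr($0, RSTART + 21, RLENGTH - 21)
            print v; found = 1; exit
        }
        /^configure arguments:/ && match($0, /--with-openssl=[^ ]*openssl-[0-9][0-9a-z.]*/) {
            v = substr($0, RSTART, RLENGTH); sub(/.*openssl-/, "", v)
            print v; found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Exit 0: version has TLS_FALLBACK_SCSV; 1: too old; 2: cannot tell.
supports_fallback_scsv() {
    v=${1%%-*}                                    # drop suffixes such as -fips
    base=$(printf '%s' "$v" | sed 's/[a-z]*$//')  # 1.0.1j -> 1.0.1
    patch=${v#"$base"}                            # 1.0.1j -> j
    case $base in
        0.9.8) min=zc ;;
        1.0.0) min=o ;;
        1.0.1) min=j ;;
        1.0.[2-9]*|1.[1-9]*|[2-9]*) return 0 ;;
        0.*) return 1 ;;
        *) return 2 ;;
    esac
    # Patch letters run a..z, za, zb, ...: compare length first, then bytes.
    if [ "${#patch}" -gt "${#min}" ]; then return 0; fi
    if [ "${#patch}" -lt "${#min}" ]; then return 1; fi
    LC_ALL=C expr "x$patch" \>= "x$min" >/dev/null
}
# Usage on a live host: nginx -V 2>&1 | check_nginx_v   (-V writes to stderr)
check_nginx_v() {
    ver=$(openssl_from_nginx_v)
    rc=0; supports_fallback_scsv "$ver" || rc=$?
    case $rc in
        0) echo "ok $ver" ;;
        1) echo "old $ver" ;;
        *) echo "unknown" ;;
    esac
}
# Constructed sample (not from the thread): a static build against 1.0.1i.
SAMPLE='nginx version: nginx/1.6.2
configure arguments: --with-http_ssl_module --with-openssl=../openssl-1.0.1i'
printf '%s\n' "$SAMPLE" | check_nginx_v
```

An `unknown` result means nginx uses the system library, so check which libssl the binary loads (for example with `ldd`) and that package's version. Distribution packages can backport TLS_FALLBACK_SCSV without changing the version letter, so treat `old` on a distro build as a prompt to check the package changelog.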
