Hi mex, Yes, it's apacheconfig, Litespeed is drop-in replacement for Apache.
Here is my full nginx -V http://fpaste.org/142890/60334141/raw I don't have nginx with different openssl-library installed. Thanks. On 10/17/2014 10:29 PM, mex wrote: >> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols` > > thats the most important part > > >> directive. But, ssllabs.com says that : >> >> ---- snip ---- >> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more >> info[2]) > > TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1 > > and has got nothing to do with SSLv3 > > >> With configuration: >> ---- snip ---- >> SSLHonorCipherOrder On >> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 > > isnt this the apacheconfig? > > >> >> So the question is, how important it is? >> > > it is not yet important, but downgrade-attacks might happen > again. > > do you have nginx with a different openssl-library installed, e.g. > statically linked > > please paste the full output from > > $ nginx -V > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,254106,254109#msg-254109 > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
