Viktor, LazyG This is not nonsense, as I learned something from it. Now I will go and check whether it is enabled.
And thanks for mentioning foundations and family etc. That is also useful. Maybe we should be a bit more polite to other folks in the list, we are mostly 'in the same boat'. Cheers --- Rick On May 24, 2017 12:26:32 PM EDT, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On May 24, 2017, at 5:41 AM, li...@lazygranch.com wrote: >> >> You shouldn't be accepting sslv3 due to the poodle attack. >> >> https://en.m.wikipedia.org/wiki/POODLE >> >> A search should indicate what to change to reject sslv3. >> >> Of course there still could be other things that need fixing. ;-) > >Please don't distract people asking questions with nonsense. > >There is no evidence the OP has SSLv3 enabled. The SSLv3 >protocol is the foundation on which TLS 1.0, 1.1 and 1.2 >(and to a much lesser extent TLS 1.3) are built. All >these protocols share the underlying record layer and >alert processing code. When OpenSSL logging reports >an error from an "ssl3" function, the actual protocol >in use could be any of the family of protocols that >are based on SSL 3.0. > >-- > Viktor. -- Sorry for being brief. Alternate email is rickleir at yahoo dot com
