On Wed, Oct 15, 2014 at 3:28 PM, Mike Seda <mike.s...@lillegroup.com> wrote:

> Puppet Developers,
> Based on the SSL POODLE vulnerability (
> https://www.openssl.org/~bodo/ssl-poodle.pdf ), will you be patching
> WEBrick to deny SSLv3 like you did with SSLv2 (
> https://projects.puppetlabs.com/issues/19151 )?
>

Yes, the next releases, commercial and open source, will contain those
fixes. WEBrick isn't recommended for use in very large environments, so
normally mitigation of this type can be done at the Apache/Nginx layer.

I did post something to our blog about remediation and exposure.

http://puppetlabs.com/blog/impact-assessment-sslv3-vulnerability-poodle-attack


>
> Mike
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/543EF513.3090300%40lillegroup.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
