Thanks David & Andreas .
regards
Mohsin
Software Enginner-Configuration Management
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190726.html
Sent from the Subversion Users mailing list archive at Nabble.com.
Thanks David & Andreas .
regards
Mohsin
Software Engineer-Configuration Management (CM)
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190727.html
Sent from the Subversion Users mailing list archiv
On 2014 Oct 25, at 6:33 PM, Mohsin wrote:
>> If you use HTTP "http://"; you are not using SSL/TLS. You are not
>> affected by POODLE, but also not using encryption.
>
> We are using HTTP so we are not affected by POODLE.
>
>
>> If using SSH/TLS, the server does not use serf. Turn off SSL 3.0
> On 26 Oct 2014, at 01:33, Mohsin wrote:
>
> Can you tell when SSH/TLS is used ? In my case we are using HTTP protocol.
Whenever a capable administrator configures the system to support it and users
use the correct scheme, or are forced to do so as is the case with many
production deployment
figuration. No upgrade required, simple configuration
>change.
Can you tell when SSH/TLS is used ? In my case we are using HTTP protocol.
How can I disable SSL 3.0 in Apache conf ?
Regards
Mohsin
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnera
Hi,
On 25/10/14 23:26, Mohsin wrote:
> We are using HTTP protocol for repository access
> (http://abc.svn.com/svn/Repo/) over the internet for this case we are using
> tortoise svn client V 1.8.7 which is dependent on serf and serf is using SSL
> V3 . I just read serf version 1.3.5 is using SSL V3
. Serf had released latest version 1.3.8 in which SSL V3 is
disabled . So should I upgrade serf version on my server because I have
compiled my svn with serf V 1.3.5 or there is no issue ?
regards
Mohsin
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3
Nice interpretation .. thanks
we are using http protocol for repository access over the internet for this
case should we upgrade serf version or not ? we are using serf v1.3.5 .
regards
Mohsin
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-v3-vulnerability
Great answer --- you should add it to the FAQ :)
Stefan Sperling wrote on Tue, Oct 21, 2014 at 17:18:44 +0200:
> On Tue, Oct 21, 2014 at 02:40:32PM +, Nicolas CALVET (Ingenico Partner)
> wrote:
> > Hi,
> >
> > Recently, we were informed by a publishing speaking about the vulnerability
> > o
On Tue, Oct 21, 2014 at 02:40:32PM +, Nicolas CALVET (Ingenico Partner)
wrote:
> Hi,
>
> Recently, we were informed by a publishing speaking about the vulnerability
> of SSLv 3.0.
> We would like to know if Subversion 1.6 is compatible with the following
> protocol TLS 1.0 / TLS 1.1 / TLS 1
Hi,
Recently, we were informed by a publishing speaking about the vulnerability of
SSLv 3.0.
We would like to know if Subversion 1.6 is compatible with the following
protocol TLS 1.0 / TLS 1.1 / TLS 1.2 ?
Thanks in advance for you quick feedback
Regards,
Bien Cordialement,
Nicolas Calvet
11 matches
Mail list logo
