iltdevunit Posted October 16, 2014 Report Posted October 16, 2014 I've just read up on the latest SSL attack:https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844 The patches I've seen so far are for Apache on Linux or IIS on Windows. Does anyone know how to apply the fix to Uniserver Zero i.e. Apache on Windows? Quote
Ric Posted October 17, 2014 Report Posted October 17, 2014 Edit file C:\UniServerZ\core\apache2\conf\extra\httpd-ssl.confLocate this section: #== SSL Cipher Suite: SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUMReplace with: #== SSL Cipher Suite: SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite AES256+EECDH:AES256+EDHNote: Above added starting from Uniform Server 11.4.0-ZeroXI All the bestRic Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.