iltdevunit Posted October 16, 2014 Report Share Posted October 16, 2014 I've just read up on the latest SSL attack:https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844 The patches I've seen so far are for Apache on Linux or IIS on Windows. Does anyone know how to apply the fix to Uniserver Zero i.e. Apache on Windows? Quote Link to comment Share on other sites More sharing options...
Ric Posted October 17, 2014 Report Share Posted October 17, 2014 Edit file C:\UniServerZ\core\apache2\conf\extra\httpd-ssl.confLocate this section: #== SSL Cipher Suite: SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUMReplace with: #== SSL Cipher Suite: SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite AES256+EECDH:AES256+EDHNote: Above added starting from Uniform Server 11.4.0-ZeroXI All the bestRic Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.