Disable SSLv3 and RC4
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Sep 13 07:20:44 PDT 2016
On Mon, Sep 12, 2016 at 3:37 PM, Nux! <nux at li.nux.ro> wrote:
> Hello,
>
> SSLLabs are currently giving my ocserv grade C because:
> This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
> This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
Check the tls-priorities option. Most likely you need to set something like:
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
More information about the openconnect-devel
mailing list