Disable SSLv3 and RC4

Nux! nux at li.nux.ro
Tue Sep 13 07:33:15 PDT 2016


Thanks Nikos, I'll have a look at that option.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos at gmail.com>
> To: "Nux!" <nux at li.nux.ro>
> Cc: "openconnect-devel" <openconnect-devel at lists.infradead.org>
> Sent: Tuesday, 13 September, 2016 15:20:44
> Subject: Re: Disable SSLv3 and RC4

> On Mon, Sep 12, 2016 at 3:37 PM, Nux! <nux at li.nux.ro> wrote:
>> Hello,
>>
>> SSLLabs are currently giving my ocserv grade C because:
>> This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to
>> mitigate. Grade capped to C.
>> This server accepts RC4 cipher, but only with older protocol versions. Grade
>> capped to B.
> 
> Check the tls-priorities option. Most likely you need to set something like:
> tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
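
An added example, not part of the original thread and not ocserv code: a small Python audit that extracts `tls-priorities` from an ocserv.conf and reports whether the string still leaves SSL 3.0 or RC4 enabled, before re-running the SSL Labs test. The sample configs and all function names are constructed for illustration. It assumes the base keyword may include both items, so only an explicit removal counts.

```python
import re

# Constructed ocserv.conf fragments for illustration (not the poster's real config).
WEAK_CONF = 'tcp-port = 443\ntls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"\n'
FIXED_CONF = ('tcp-port = 443\n#tls-priorities = "NORMAL"\n'
              'tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"\n')

# Priority-string items the audit tracks, with the group item that also covers each.
TRACKED = {"VERS-SSL3.0": "VERS-ALL", "ARCFOUR-128": "CIPHER-ALL"}


def read_priorities(conf_text):
    """Return the value of the last uncommented tls-priorities line, or None."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(r'\s*tls-priorities\s*=\s*"?([^"#]*)', line)
        if m:
            value = m.group(1).strip()
    return value


def still_enabled(priorities):
    """Return the tracked items the string leaves (or may leave) enabled.

    Assumption: the base keyword (NORMAL etc.) may include SSL 3.0 and RC4,
    depending on the GnuTLS build, so an item only counts as disabled if
    its last modifier in the string is a removal.
    """
    enabled = {item: True for item in TRACKED}
    for token in priorities.split(":"):
        op, name = token[:1], token[1:].upper()
        if op not in ("-", "!", "+"):
            continue  # base keywords and %OPTIONS do not change the verdict here
        for item, group in TRACKED.items():
            if name in (item, group):
                enabled[item] = (op == "+")  # modifiers apply left to right
    return sorted(item for item, on in enabled.items() if on)


def audit(conf_text):
    """Return the findings for one config file's text (empty list = clean)."""
    priorities = read_priorities(conf_text)
    if priorities is None:
        return ["tls-priorities not set"]
    return still_enabled(priorities)


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "SSL 3.0 and RC4 removed")
```

The audit only reads the configuration; the server must be restarted or reloaded and rescanned to confirm what it actually negotiates.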


