[CalendarServer-users] Protect against new SSL vuln

Pascal Dallaire pascaldallaire at cre-gim.net
Thu Oct 16 17:41:03 PDT 2014


Hello there,

Thanks for answering so quickly! I’m trying to use the older variants method before I upgrade the Calendar server completely. But in this patch, isn’t the best method TLSv1? and not SSLv23?

Pascal

Le 2014-10-16 à 12:42, Cyrus Daboo <cdaboo at apple.com> a écrit :

> Hi Pascal,
> 
> --On October 16, 2014 at 12:38:37 PM -0400 Pascal Dallaire <pascaldallaire at cre-gim.net> wrote:
> 
>> What is the way to disable SSLv3 in CalendarServer to protect against
>> POODLE?
> 
> Our trunk code has the fix. The svn diff for the change is here:
> 
> <https://trac.calendarserver.org/changeset/14035>
> 
> Depending on what version you are using, you should be able to apply that change relatively easily. Older variants might also need the following applied:
> 
> <https://trac.calendarserver.org/changeset/14062>
> 
> -- 
> Cyrus Daboo



More information about the calendarserver-users mailing list