[ic] POODLE

Peter peter at pajamian.dhs.org
Sun Nov 2 11:00:24 UTC 2014


On 11/02/2014 04:06 PM, Jon Jensen wrote:
> On Sun, 2 Nov 2014, Peter wrote:
> 
>> I'm thinking that it would be a good idea to update the payment
>> modules in Interchange so that they will not use SSLv2 (BEAST) or
>> SSLv3 (POODLE) protocols.  This is probably not an issue because the
>> payment processors have, or will likely soon be removing SSLv3 support
>> from their servers, but still it's probably a good idea to donk the
>> issue from our end as well.
> 
> +1. Are you already working on a patch? Want any help?

No, I haven't had time to work on much extra lately, but I did feel it
was worth bringing up.

> BTW, BEAST is not related to SSLv2. SSLv2 was broken and dead many years
> before BEAST, and BEAST still affects TLS 1.0. FWIW.

Oh, right, but the vast majority of browsers are patched against BEAST
now, so TLSv1.0 is largely considered safe.


Peter



More information about the interchange-users mailing list