Update to 8.0.9 enables SSL3
Posted: Tue Dec 09, 2014 5:35 am
We've just updated from 8.0.7 to 8.0.9. One of the main reasons for this was for the OpenSSL fix
However it turns out that this update also reverses the fix for POODLE SSL3 attack.
How is this sane ? Why would the POODLE fix not be included with the update to 1.0.1j ? Surely POODLE is more serious than the update to 1.0.1j fixes. I know that updating resets any edited config files but why on earth is SSL3 enabled as standard ?
Can anyone explain why this is ?
However it turns out that this update also reverses the fix for POODLE SSL3 attack.
How is this sane ? Why would the POODLE fix not be included with the update to 1.0.1j ? Surely POODLE is more serious than the update to 1.0.1j fixes. I know that updating resets any edited config files but why on earth is SSL3 enabled as standard ?
Can anyone explain why this is ?