[SAC] [OSGeo] #1480: osgeo.org vulnerable to FREAK SSL/TLS vulnerability
OSGeo
trac_osgeo at osgeo.org
Wed Mar 4 10:22:53 PST 2015
#1480: [SAC] osgeo.org vulnerable to FREAK SSL/TLS vulnerability
---------------------------+------------------------------------------------
Reporter: dmorissette | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+------------------------------------------------
Comment(by wildintellect):
The solution is to modify a few lines in the apache SSL conf to disable
clients from being able to downgrade the cipher.
This site will help generate the correct lines to disable bad ciphers.
Need the apache version and ssl version. This fix is similar to previous
SSL related fixes over the last year.
https://mozilla.github.io/server-side-tls/ssl-config-generator/
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/1480#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list