Thanks David & Andreas .
regards
Mohsin
Software Enginner-Configuration Management
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190726.html
Sent from the Subversion Users mailing list archive at Nabble.com.
Thanks David & Andreas .
regards
Mohsin
Software Engineer-Configuration Management (CM)
--
View this message in context:
http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190727.html
Sent from the Subversion Users mailing list archive at Nabble.c
On 2014 Oct 25, at 6:33 PM, Mohsin wrote:
>> If you use HTTP "http://"; you are not using SSL/TLS. You are not
>> affected by POODLE, but also not using encryption.
>
> We are using HTTP so we are not affected by POODLE.
>
>
>> If using SSH/TLS, the server does not use serf. Turn off SSL 3.0
> On 26 Oct 2014, at 01:33, Mohsin wrote:
>
> Can you tell when SSH/TLS is used ? In my case we are using HTTP protocol.
Whenever a capable administrator configures the system to support it and users
use the correct scheme, or are forced to do so as is the case with many
production deployment
Thanks.
>If you use HTTP "http://"; you are not using SSL/TLS. You are not
>affected by POODLE, but also not using encryption.
We are using HTTP so we are not affected by POODLE.
>If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
>Apache httpd configuration. No upgrade
Hi,
On 25/10/14 23:26, Mohsin wrote:
> We are using HTTP protocol for repository access
> (http://abc.svn.com/svn/Repo/) over the internet for this case we are using
> tortoise svn client V 1.8.7 which is dependent on serf and serf is using SSL
> V3 . I just read serf version 1.3.5 is using SSL V3
