Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-26 Thread Mohsin
Thanks David & Andreas.
regards
Mohsin
Software Engineer-Configuration Management
--
View this message in context: http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190726.html
Sent from the Subversion Users mailing list archive at Nabble.com.

Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-26 Thread Mohsin
Thanks David & Andreas.
regards
Mohsin
Software Engineer-Configuration Management (CM)
--
View this message in context: http://subversion.1072662.n5.nabble.com/SSL-V3-Vulnerability-in-HTTP-Repository-Access-tp190716p190727.html
Sent from the Subversion Users mailing list archive at Nabble.c

Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-25 Thread David Lowe
On 2014 Oct 25, at 6:33 PM, Mohsin wrote:
>> If you use HTTP "http://" you are not using SSL/TLS. You are not
>> affected by POODLE, but also not using encryption.
>
> We are using HTTP so we are not affected by POODLE.
>
>
>> If using SSH/TLS, the server does not use serf. Turn off SSL 3.0

Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-25 Thread Andreas Stieger
> On 26 Oct 2014, at 01:33, Mohsin wrote:
>
> Can you tell when SSH/TLS is used? In my case we are using HTTP protocol.
Whenever a capable administrator configures the system to support it and users use the correct scheme, or are forced to do so as is the case with many production deployment

Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-25 Thread Mohsin
Thanks.
>If you use HTTP "http://" you are not using SSL/TLS. You are not
>affected by POODLE, but also not using encryption.
We are using HTTP so we are not affected by POODLE.
>If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the
>Apache httpd configuration.
No upgrade

Re: SSL V3 Vulnerability in HTTP Repository Access.

2014-10-25 Thread Andreas Stieger
Hi,
On 25/10/14 23:26, Mohsin wrote:
> We are using HTTP protocol for repository access
> (http://abc.svn.com/svn/Repo/) over the internet for this case we are using
> tortoise svn client V 1.8.7 which is dependent on serf and serf is using SSL
> V3. I just read serf version 1.3.5 is using SSL V3

Re: SSL v3 vulnerability

2014-10-22 Thread Mohsin
Nice interpretation .. thanks
we are using http protocol for repository access over the internet for this case should we upgrade serf version or not? we are using serf v1.3.5.
regards
Mohsin
--
View this message in context: http://subversion.1072662.n5.nabble.com/SSL-v3-vulnerability-tp1906

Re: SSL v3 vulnerability

2014-10-22 Thread Daniel Shahaf
Great answer --- you should add it to the FAQ :)
Stefan Sperling wrote on Tue, Oct 21, 2014 at 17:18:44 +0200:
> On Tue, Oct 21, 2014 at 02:40:32PM +, Nicolas CALVET (Ingenico Partner)
> wrote:
> > Hi,
> >
> > Recently, we were informed by a publishing speaking about the vulnerability
> > o

Re: SSL v3 vulnerability

2014-10-21 Thread Stefan Sperling
On Tue, Oct 21, 2014 at 02:40:32PM +, Nicolas CALVET (Ingenico Partner) wrote:
> Hi,
>
> Recently, we were informed by a publishing speaking about the vulnerability
> of SSLv 3.0.
> We would like to know if Subversion 1.6 is compatible with the following
> protocol TLS 1.0 / TLS 1.1 / TLS 1