Hi, On 25/10/14 23:26, Mohsin wrote: > We are using HTTP protocol for repository access > (http://abc.svn.com/svn/Repo/) over the internet for this case we are using > tortoise svn client V 1.8.7 which is dependent on serf and serf is using SSL > V3 . I just read serf version 1.3.5 is using SSL V3 and in serf 1.3.5 SSL V3 > is enabled . Serf had released latest version 1.3.8 in which SSL V3 is > disabled . So should I upgrade serf version on my server because I have > compiled my svn with serf V 1.3.5 or there is no issue ?
If you use HTTP "http://"; you are not using SSL/TLS. You are not affected by POODLE, but also not using encryption. If using SSH/TLS, the server does not use serf. Turn off SSL 3.0 in the Apache httpd configuration. No upgrade required, simple configuration change. Andreas
