On Wed, Jan 14, 2015 at 7:40 PM, Matthew Saltzman <mjs(a)clemson.edu> wrote:
SSLLabs reports a couple of servers of mine have SSL v3 enabled and
are
vulnerable to POODLE. I followed instructions for Apache httpd at
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/, but that does
not seem to cure the problem. SSLLabs still reports the servers as vulnerable. Does
anyone know what I'm missing?
The server also runs Trac and Subversion servers and a separate vhost
runs Jenkins. Does something special need to be done for those
services?
(These are, in fact, RHEL 7 servers running httpd-2.2.15-39.el6.x86_64,
but I hope someone here will know what's going on.)
RHEL servers have support from Red Hat, send an email or pick up the
phone. The patches between RHEL and Fedora are documented, but unless
someone actually knows the answer it's totally non-obvious how to
answer your question other than "yes I realize it's 2015, but here's
how you use a telephone..."
--
Chris Murphy