SSLv3 Poodle (SECURITY)

Version 1.463

Bugfix
Finished

Changed the OpenSSL protocol options to use (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3), which disables SSLv3 and prevents the POODLE exploit in SSLv3.

Note: to allow TLSv1.0 and TLSv1.1, use:

ssl_cipher=SSLv3

TLSv1.0 and TLSv1.1 fall under the SSLv3 ciphers list, but because SSLv3 is disabled at the protocol level, SSLv3 itself won't be used. TLSv1.2 will be enabled either way at the protocol level.

Related ciphers list guide: http://help.directadmin.com/item.php?id=571
Related forum thread: http://forum.directadmin.com/showthread.php?t=50105

Upon update, DirectAdmin will check directadmin.conf for:

ssl_cipher=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

and will automatically swap your directadmin.conf back to use:

ssl_cipher=SSLv3

and will notify the Admins via the Message System.
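To check which of the ssl_cipher states described above a server is in, the following added example (not DirectAdmin code) classifies the setting in a directadmin.conf-style file. The function names, exit codes and the rule that the last ssl_cipher line wins are assumptions of this example; the config path is supplied by the caller.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. The config path is passed by the caller.
OLD_CIPHER='ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP'

# Print the ssl_cipher value. If the key repeats, the last line is used
# (assumption about duplicate handling).
get_ssl_cipher() {
    sed -n 's/^[[:space:]]*ssl_cipher[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '\r'
}

# Exit status (hypothetical codes for this example):
#   0 = ssl_cipher=SSLv3            1 = the old list the update replaces
#   2 = another list that removes the SSLv3 cipher group
#   3 = anything else or unset (review by hand)   4 = file not readable
audit_ssl_cipher() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 4; }
    value=$(get_ssl_cipher "$1")
    case "$value" in
        SSLv3)
            echo "ok: ssl_cipher=SSLv3"; return 0 ;;
        "$OLD_CIPHER")
            echo "old: list that the update swaps to ssl_cipher=SSLv3"; return 1 ;;
    esac
    # Split on ':' and look for a token that removes the SSLv3 group, which
    # per the changelog is also the group TLSv1.0 and TLSv1.1 fall under.
    old_ifs=$IFS; IFS=':'
    set -f   # no filename expansion while splitting the unquoted value
    for token in $value; do
        case "$token" in
            -SSLv3|'!SSLv3')
                IFS=$old_ifs; set +f
                echo "warn: '$token' removes the ciphers TLSv1.0/1.1 use"
                return 2 ;;
        esac
    done
    IFS=$old_ifs; set +f
    echo "review: ssl_cipher='${value:-<unset>}'"
    return 3
}

# Stand-alone use: sh audit.sh /path/to/directadmin.conf
if [ "$#" -gt 0 ]; then
    audit_ssl_cipher "$1"
fi
```

Status 0 only confirms the cipher setting; SSLv3 itself is disabled by the protocol options in the updated binary, not by this file.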
