Workaround for CVE-2014-3566 (POODLE) required
Nominated for Precise by Mathew Hodson
In order to close the recently disclosed security vulnerability in SSLv3 (CVE-2014-3566 a.k.a. POODLE), one needs to disable SSLv3 support.
According to http://
(server.c.961) WARNING: unknown config-key: ssl.use-sslv3 (ignored)
I suppose that the logical way to deal with this is to either backport the "ssl.use-sslv3" functionality to the 1.4.28 version shipped by Ubuntu 12.04.5 LTS, or to upgrade the shipped package to 1.4.29 or newer.
|information type:||Private Security → Public Security|
|Changed in lighttpd (Ubuntu):|
|importance:||Undecided → Medium|