Update to 8.0.9 enables SSL3

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
dik23
Outstanding Member
Outstanding Member
Posts: 264
Joined: Sat Sep 13, 2014 1:44 am

Update to 8.0.9 enables SSL3

Postby dik23 » Tue Dec 09, 2014 5:35 am

We've just updated from 8.0.7 to 8.0.9. One of the main reasons for this was for the OpenSSL fix


However it turns out that this update also reverses the fix for POODLE SSL3 attack.


How is this sane ? Why would the POODLE fix not be included with the update to 1.0.1j ? Surely POODLE is more serious than the update to 1.0.1j  fixes. I know that updating resets any edited config files but why on earth is SSL3 enabled as standard ?


Can anyone explain why this is ?




Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 4 guests