Page 1 of 1

Update to 8.0.9 enables SSL3

Posted: Tue Dec 09, 2014 5:35 am
by dik23

We've just updated from 8.0.7 to 8.0.9. One of the main reasons for this was for the OpenSSL fix

However it turns out that this update also reverses the fix for POODLE SSL3 attack.

How is this sane ? Why would the POODLE fix not be included with the update to 1.0.1j ? Surely POODLE is more serious than the update to 1.0.1j  fixes. I know that updating resets any edited config files but why on earth is SSL3 enabled as standard ?

Can anyone explain why this is ?