[SR-Users] Susceptibility to POODLE Vulnerability?
Olle E Johansson
oej at edvina.net
Tue Oct 21 08:20:34 CEST 2014
>>
>> !!! *a warning **that the use of SSLv3 **susceptibility to POODLE
>> Vulnerability* !!!
>>
Well, since Poodle requires a web browser and java script we're not in
danger from a Poodle attack. Even so, we are not enabling SSL by
default, only enabling TLS. All versions of SSL are too old to be
secure. We can not add a warning text for every possible attack,
but have published information on twitter, facebook, G+ and
on the mailing lists.
Are we aware of any phones or SIP servers that only supports SSLv3
and have no support of TLS?
/O
More information about the sr-users
mailing list