[SR-Users] Susceptibility to POODLE Vulnerability?

Rainer Piper rainer.piper at soho-piper.de
Tue Oct 21 08:30:20 CEST 2014


On 21.10.2014 at 08:20, Olle E Johansson wrote:
>
>>>
>>> !!! *a warning that the use of SSLv3 susceptibility to POODLE
>>> Vulnerability* !!!
>>>
> Well, since Poodle requires a web browser and JavaScript we're not in
> danger from a Poodle attack. Even so, we are not enabling SSL by
> default, only enabling TLS. All versions of SSL are too old to be
> secure. We cannot add a warning text for every possible attack,
> but have published information on Twitter, Facebook, G+ and
> on the mailing lists.
>
> Are we aware of any phones or SIP servers that only support SSLv3
> and have no support for TLS?
>
> /O
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Asterisk just published a security warning.

Source: http://downloads.asterisk.org/pub/security/AST-2014-011.html

You have to force Asterisk to do TLSv1;
the default settings allow an SSLv3/SSLv2 fallback.

-- 
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rainer at sip.soho-piper.de:5072 (pjsip-test)
XMPP: rainer at xmpp.soho-piper.de
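
The following check is an added example, not part of the original e-mail and not code from Kamailio or Asterisk: it sends an SSLv3-only ClientHello to a SIP-over-TLS listener you operate and classifies the first record that comes back, which shows whether the SSLv3 fallback discussed above is still enabled. The function names and the default port 5061 are assumptions of this example.

```python
import socket
import struct
import sys

SSL3 = (3, 0)  # protocol version bytes for SSLv3


def build_sslv3_client_hello():
    """Minimal ClientHello offering only SSLv3, so no newer version can be negotiated."""
    # AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA: suites an SSLv3 stack would know
    ciphers = struct.pack("!4H", 0x002F, 0x0035, 0x000A, 0x0005)
    body = bytes(SSL3) + bytes(32)            # client_version + random (zeros: probe only)
    body += b"\x00"                           # empty session id
    body += struct.pack("!H", len(ciphers)) + ciphers
    body += b"\x01\x00"                       # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + bytes(SSL3) + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data):
    """Classify the first record the server returns to the SSLv3-only hello."""
    if len(data) < 5:
        return "no-reply"                     # closed or reset without an alert
    rtype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if rtype == 0x16 and len(payload) >= 6 and payload[0] == 2:
        # ServerHello: type 2, 3-byte length, then the version the server chose
        return "sslv3-accepted" if tuple(payload[4:6]) == SSL3 else "other-version"
    if rtype == 0x15 and len(payload) >= 2:
        return "rejected-alert-%d" % payload[1]   # 40 handshake_failure, 70 protocol_version
    return "unknown"


def probe(host, port=5061, timeout=5.0):
    """Send the hello to host:port (5061 is the usual SIP-over-TLS port)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            data = s.recv(4096)
    except (socket.timeout, ConnectionError):
        data = b""
    return classify_reply(data)


if __name__ == "__main__":
    # usage: python sslv3_probe.py <host> [port]; host is your own server
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 5061))
```

A result of `sslv3-accepted` means the listener still negotiates SSLv3; an alert or a closed connection means the SSLv3 handshake was refused.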