[nsd-users] Patch: disable SSLv3 for control connections

A. Schulze sca at andreasschulze.de
Mon Jan 5 10:07:14 UTC 2015


Hello,

the thread http://open.nlnetlabs.nl/pipermail/nsd-users/2014-April/001906.html
discussed Heartbleed. I think it's worth disabling not only SSLv2 but
SSLv3 too.

-> attached a simple patch for nsd-4.1.0...

Unbound has a similar design. SSLv3 should also be disabled there
with a patch as trivial as this one.
@Wouter: could you keep this in mind for the next releases?

Maybe it's worth extending the control interface of NSD _and_ UNBOUND to
  - enforce only the highest available protocol version
  - enforce only one secure cipher suite
  - be configurable for weaker settings

Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no_sslv3.patch
Type: text/x-diff
Size: 1321 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20150105/ba31a9bb/attachment.bin>
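
The three settings proposed in the message, sketched with Python's ssl module (a wrapper over OpenSSL) as an added example. It is not the scrubbed patch and not NSD or Unbound code; the helper names, the policy names `strict` and `compat`, and the chosen cipher suite are assumptions.

```python
import ssl

# Assumption: one AEAD suite chosen for illustration; the e-mail names none.
STRICT_CIPHER = "ECDHE-RSA-AES256-GCM-SHA384"


def control_context(policy="strict"):
    """Server-side TLS context for a control channel (hypothetical helper)."""
    # PROTOCOL_TLS_SERVER contexts already carry OP_NO_SSLv2 and OP_NO_SSLv3.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if policy == "strict":
        # Pin both ends of the range to the highest version this build offers.
        ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
        ctx.maximum_version = ctx.minimum_version
        # Narrows the TLS 1.2-and-older list only; Python has no call to
        # narrow TLS 1.3 suites, so under TLS 1.3 OpenSSL's own set applies.
        ctx.set_ciphers(STRICT_CIPHER)
    elif policy == "compat":
        # The configurable weaker setting: TLS 1.2 floor, default suites.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    else:
        raise ValueError("unknown policy: %r" % policy)
    return ctx


def describe(ctx):
    """Summarise the settings a reviewer would check on the context."""
    return {
        "min": ctx.minimum_version.name,
        "max": ctx.maximum_version.name,
        "sslv3_refused": bool(ctx.options & ssl.OP_NO_SSLv3)
        and ctx.minimum_version > ssl.TLSVersion.SSLv3,
        "legacy_suites": [c["name"] for c in ctx.get_ciphers()
                          if c["protocol"] != "TLSv1.3"],
    }


if __name__ == "__main__":
    for name in ("strict", "compat"):
        print(name, describe(control_context(name)))
```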

