dhis2-devs team mailing list archive
Message #33532
ssl vulnerability
Hi server admins,
Google today published a vulnerability in SSL which could allow an attacker
to decrypt "secure" connections:
http://googleonlinesecurity.blogspot.se/2014/10/this-poodle-bites-exploiting-ssl-30.html
For a dhis system the most practical solution is to simply disable SSL and
rely on TLS, as it's mostly Internet Explorer 6 that does not support TLS,
and DHIS 2 does not support IE 6 anyway.
I have upgraded the nginx installation docs here
<https://www.dhis2.org/doc/snapshot/en/implementer/html/ch08s03.html#d5e590>.
To disable SSL and add support for all TLS versions you can change this line:
ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
to this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
regards,
Lars
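
An added example, not part of the original message: a small Python check that scans nginx configuration text for ssl_protocols directives that still list SSLv2 or SSLv3, which is the condition the edit above removes. The sample configuration and the host name dhis.example.org are constructed for illustration, and the function names are this example's own.

```python
import re

# Protocol tokens from the SSL family that should no longer be offered.
LEGACY = {"SSLv2", "SSLv3"}

# Constructed sample: one server block from before the change, one after it.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    server_name dhis.example.org;
    ssl_protocols SSLv3 TLSv1.1 TLSv1.2;   # line from before the change
}
server {
    listen 8443 ssl;
    # ssl_protocols SSLv3;  (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1
                  TLSv1.2;
}
"""

def strip_comments(text):
    """Drop '#' comments, keeping line count intact for line numbers.
    Simplification: a '#' inside a quoted string is treated as a comment."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_ssl_protocols(conf_text):
    """Return (line_no, protocols, legacy_found) per ssl_protocols directive."""
    clean = strip_comments(conf_text)
    findings = []
    # A directive runs up to its terminating ';' and may span several lines.
    for m in re.finditer(r"\bssl_protocols\s+([^;]*);", clean):
        line_no = clean.count("\n", 0, m.start()) + 1
        protocols = m.group(1).split()
        legacy = sorted(p for p in protocols if p in LEGACY)
        findings.append((line_no, protocols, legacy))
    return findings

if __name__ == "__main__":
    for line_no, protocols, legacy in audit_ssl_protocols(SAMPLE_CONF):
        status = "FAIL " + ",".join(legacy) if legacy else "ok"
        print(f"line {line_no}: {' '.join(protocols)} -> {status}")
```

Every server block needs checking, because a directive left unchanged in one block keeps SSLv3 enabled for that listener.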