From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-157872-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id CD94B13877A
	for <garchives@archives.gentoo.org>; Mon, 11 Aug 2014 20:18:17 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0E0F2E0998;
	Mon, 11 Aug 2014 20:18:12 +0000 (UTC)
Received: from mail-qg0-f45.google.com (mail-qg0-f45.google.com [209.85.192.45])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D9684E096B
	for <gentoo-user@lists.gentoo.org>; Mon, 11 Aug 2014 20:18:10 +0000 (UTC)
Received: by mail-qg0-f45.google.com with SMTP id f51so8849656qge.18
        for <gentoo-user@lists.gentoo.org>; Mon, 11 Aug 2014 13:18:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=gAkN/DPeqSJfiT2A/MzpMj4/f/O5cRX9/P+W+f0ocBA=;
        b=KznDRaPbmqvIHLbosp+tzLsSAIY+3VdjNNknusxPj0yd7tw94Fl3gO6XzqyHVdT5oJ
         RWBqhj48K5mbyneauuTVpffOWbL5uJypGN6nQjygMx62TlnCL77IGN+SXS1IdZMiy8Oy
         L8blGjOfAblmovYb4yexi8OaRVmX/VADFCFzeG/PWNeLOdrc/DvSIblkYekyxrUhH42A
         KyOo77ZWCMp+OOqjON1Ei6uODzdYpNIJSW8eCSbRMIWQy0mecy+KZ0OPbSGfxe/2qbyx
         wSnIZnqvb4MUHUg6flu2kTX5lfgKHcFxbNh8Odc0mEvxxK4cMJls0VMWF2MohUHbJ/X3
         ac3A==
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.140.86.147 with SMTP id p19mr40756116qgd.66.1407682913309;
 Sun, 10 Aug 2014 08:01:53 -0700 (PDT)
Received: by 10.140.25.208 with HTTP; Sun, 10 Aug 2014 08:01:53 -0700 (PDT)
In-Reply-To: <53E6A0E0.4080001@staticsafe.ca>
References: <CAN0CFw1GBfrQM9s7FQb3OrVLX7s53RNrSMoLbEcY+2ahj6MJ2g@mail.gmail.com>
	<53E6A0E0.4080001@staticsafe.ca>
Date: Sun, 10 Aug 2014 08:01:53 -0700
Message-ID: <CAN0CFw1Jzz1AWCU6DGYRZGSpJkvA4MQOZm8Q3g==ovnteKZAMw@mail.gmail.com>
Subject: Re: [gentoo-user] disable SSLv3 in apache2?
From: Grant <emailgrant@gmail.com>
To: Gentoo mailing list <gentoo-user@lists.gentoo.org>
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 153975c6-a4bd-4bf4-82a9-3cebc5e407a7
X-Archives-Hash: 14ea280be782525ab26320e27e9fc3d5

>> I recently upgraded from apache-2.2.27 to apache-2.2.27-r4 and
>> etc-update wanted to add the following directive to the default SSL
>> vhost:
>>
>> SSLProtocol ALL -SSLv2 -SSLv3
>>
>> I had already disabled SSLv2 (security issue?) but this also disables
>> SSLv3.  Could that cause a compatibility issue?
>>
>> - Grant
>>
>
> You can use something like Qualys SSL Labs[0] to test if anything breaks.
>
> https://www.ssllabs.com/ssltest/index.html


Isn't it a browser compatibility issue though?  Are there browsers out
there that support SSLv3 but not TLS?

- Grant