Re: [bitfolk] SSL POODLE (CVE-2014-3566) vulnerabilities amongst the customer base

Andy said: A reminder that your webserver may not be the only thing listening out for https connections on some port or other. By default Webmin uses 10000 and if you use it.. .. check https://yourdomain.whatever:10000 and you'll see it'll accept SSLv3. The current fix is to add ssl_version=10 to /etc/webmin/miniserv.conf and then restart webmin but that may enforce TLSv1 rather than allowing any other TLS version (the documentation of the SSLeay library doesn't make that clear). Doubtless (?) there will be a proper fix soon. cPanel and other such software almost certainly has a similar issue and fix. Ian