Surprisingly I didn't show up; either way I was affected and likewise good nudge to do something about it... two of my servers (BitFolk VPS being one of them) are still currently stuck on Debian Squeeze (long story, but upgrading to Wheezy would most likely break some old binary installs). Unfortunately the version of lighttpd packaged with Squeeze annoyingly doesn't actually have a option to disable SSLv3... so I've quickly backported the relevant code to enable that config.

https://github.com/matjohns/squeeze-lighttpd-poodle

Just in case anyone else is in a similar position, this worked for me.

~Mat

On 16 December 2014 at 18:53, Ole-Morten Duesund <olemd@glemt.net> wrote:

On 16/12/14 18:44, Andy Smith wrote:

Hello,

On Tue, Dec 09, 2014 at 07:39:05PM +0000, Andy Smith wrote:

ShadowServer have started reporting on this now, and their latest
report still shows 79 IPs in BitFolk's customer IP space that are
vulnerable to SSLv3/Poodle.

I still don't want to be opening tickets with people individually
over this so unless there is an outrage against the idea then I'm
thinking of just posting next Tuesday's report here.

Here you go:

http://dl.shadowserver.org/4o9jR_W433PVUJ4CIuqH8V7ht7A?mXSocjvDYp7FJ-vqyoRiow

Excellent - just what I needed to actually fix it. 5 min of spare time and a tiny nudge :-)

- OM

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users