[Resolved] LSWS 5.0 RC3 Enables SSL V3

Status
Not open for further replies.

MattW

Well-Known Member
#1
I've been testing LSWS 5.0 RC3 on my dev server, and sticking the site behind HTTPS and testing against various test sites, shows SSLV3 is enabled. This should be disabled (disabled with the cPanel apache settings).

Swapping back to LSWS 4.2.22 and re-running the tests shows SSLV3 is disabled again.

CentOS 6.6 64bit with cPanel 11.48.2 (build 3)
 

mistwang

LiteSpeed Staff
#2
Please force reinstall 5.0RC3 to get the latest build. it should have been addressed a while back.

/usr/local/lsws/admin/misc/lsup.sh -f -v 5.0RC3
 

MattW

Well-Known Member
#3
I've just done an install of 5.0 on a new server.

Code:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
upload_2015-4-18_21-23-1.png

Shows SSL V3 enabled again!

upload_2015-4-18_21-23-35.png
 
Status
Not open for further replies.
Top