POODLE

[Daniel Atallah]

I thought we had disabled SSLv3 on that site a while ago - it's surprising
that isn't the case.

I've addressed it now.

When the certificate gets next replaced, it will be replaced with a SHA256
certificate.

Thanks,
-D

On Tue, Oct 21, 2014 at 8:07 AM, Fedor Brunner <fedor.brunner at azet.sk>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> The web server developer.pidgin.im is also vulnerable to POODLE: SSLv3
> vulnerability
>
> https://www.ssllabs.com/ssltest/analyze.html?d=developer.pidgin.im
>
> Please consider also upgrading the SSL certificate for
> developer.pidgin.im to use SHA256withRSA signature algorithm.
>
> The issues are already fixed for webserver pidgin.im
>
> Fedor
> -----BEGIN PGP SIGNATURE-----
>
> iQJ8BAEBCgBmBQJURkyIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4QkVFQ0NBRDcyNzU1RTk2RTQwMzlEQjc2
> RTE3NDA5NTQwNTY2M0FEAAoJEG4XQJVAVmOt+DcP/Aj45necruvRFieqERA6nMl3
> WEdpfgVkl/IBFHS23XC8juc5O4CAcfj5rKFe+TdUls0HKpMfTUoo9JOqBKVHciRO
> EYUpWOzUQjEvDiZY/Rd558vZFphrc24IUVWzd+c7jXDzjD03iwD09mQEikVA7CSz
> /GNYJ8CaIhvvDKN+bGxVzdfhIxvbEYZlcH8S8nWNzP0se7y/rdzpDEcRkBoYpXzp
> bbe/Q5JIHkOygCLge0WkVGT9G+/hJSmfe5SN3umyHaVQpR17y77Eq/QWSR9TLCml
> 8cbpOEoRkz90YKHyLKK6beiRxU0m7VmKt7xnwOESoUime5QtSq29salJ3YMa2lxt
> fNAFbvc2gre7P+FF4EEQhUee412GHVCb+SUYYyrwFnXGApoVSVyGDaVN7NBY7eg3
> FtWDvOkCchLeDJZBkrXC5Edng5oIQTaI/iOapJzgneVGh347+pgFUsCs7+4oqYYX
> mZG2blS7y7CQrUxtErDZV2GawjlhUNpD++I2qtKJooHAcJkLpJArC+uiC19o5OW8
> As6J0UqZ9erdzvQ4ociLTc9mjtTNtwS8OMKoFlQkS1jLjj0NhL3L5NgKQQqLM5qU
> 6RLRLD4E6CTdEwdzGO/4B52VYQjPOLTCRZ6zWK6MPTiYC1BZeF5sci3Ew6qF8b6F
> Zx/kYVOF6J5MC1GX5y0+
> =RVtk
> -----END PGP SIGNATURE-----
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20141021/142299cd/attachment.html>