Continuing the discussion from The NethServer server is a winner even if not perfect:
I second this. Recently we had some problems with Amazon S3 servers which are not going to manage correctly the handshake phase with squid. The result is a complete failure, a website needed was not available and showed as a blank page (see here, hoping this evening to have more detailed information to update the bug report).
I came across the same problem with other distros and I agree that disabling SSLv2 and SSLv3 is important and should be done by default since the POODLE vulnerability is a serious threat.
Disabling isn’t that hard. See https://www.centos.org/forums/viewtopic.php?f=17&t=49029
I think we already did it.
Only squid has been left out.
Could you please confirm? Thanks.
Confirm… uh… I only installed a base install in a VM until now. Need to get used to NS a bit more. If it’s fixed I think you should know…
Also on 6.6?
I hope to confirm this doing some tests this evening.
Maybe 6.6 no longer exists.
Seriously, the protocol restrictions were introduced by CentOS on 6.7, we try to follow upstream.
Going from 6.6 to 6.7 is a click on a button.
I used Qualys SSL Labs for tests.
I fully understand, but do you know the old adage “when something works, do not touch it”?
Jokes apart, we will test 6.7 but we have a “zero day” on a site using 6.6, which for the moment was worked around (disabling SSL proxying).
Will provide additional information tomorrow.