<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Am 21.10.2014 um 08:01 schrieb Rainer
Piper:<br>
</div>
<blockquote cite="mid:5445F6C1.3050602@soho-piper.de" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Hi all,<br>
<br>
is it possible to add in <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://kamailio.org/docs/modules/4.2.x/modules/tls.html">http://kamailio.org/docs/modules/4.2.x/modules/tls.html</a><br>
under the line <br>
><br>
<h3 class="title">9.1. <code class="varname">tls_method</code>
(string)</h3>
...<br>
...<br>
<br>
If rfc3261 conformance is desired, TLSv1 must be used. For
compatibility with older clients SSLv23 is a good option.<br>
<p class="title"> <b>Example 1.3. Set <code class="varname">tls_method</code>
parameter</b> </p>
<div class="example-contents">
<pre class="programlisting">...
modparam("tls", "tls_method", "TLSv1")
...</pre>
</div>
<<br>
<br>
<br>
!!! <big><b>a warning </b><b>that the use of SSLv3 </b><b>susceptibility
to POODLE Vulnerability</b></big> !!!<br>
<br>
<br>
<div class="moz-signature">-- <br>
<b>Rainer Piper</b> <br>
Integration engineer <br>
Koeslinstr. 56 <br>
53123 BONN <br>
GERMANY <br>
Phone: +49 228 97167161 <br>
P2P: <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="sip:rainer@sip.soho-piper.de:5072">sip:rainer@sip.soho-piper.de:5072</a>
(pjsip-test) <br>
XMPP: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:rainer@xmpp.soho-piper.de">rainer@xmpp.soho-piper.de</a></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
more informations about SSLv3 POODLE attack<br>
<br>
<h1 id="heading-2588"><a
href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack"
class="font-color-normal">SSL 3 is dead, killed by the POODLE
attack</a></h1>
<span class="jive-blog-post-subject-stats"> Gepostet von <a
href="https://community.qualys.com/people/ivanr"
data-externalid="" data-username="ivanr" data-avatarid="1151"
id="jive-207327072552770342765" data-userid="2073"
data-presence="null" class="jiveTT-hover-user
jive-username-link">Ivan Ristic</a> in <a
href="https://community.qualys.com/blogs/securitylabs">Security
Labs</a> am 15.10.2014 12:06:32 </span>
<p><span style="font-size: 20px; font-weight: bold; line-height:
1.5em;">The POODLE Attack (CVE-2014-3566)</span></p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>After more than a week of persistent rumours, yesterday (Oct 14)
we finally learned about the new SSL 3 vulnerability everyone was
afraid of. The so-called <a class="jive-link-external-small"
href="http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html"
rel="nofollow">POODLE attack</a> is a problem in the CBC
encryption scheme as implemented in the SSL 3 protocol. (Other
protocols are not vulnerable because this area had been
strengthened in TLS 1.0.) Conceptually, the vulnerability is very
similar to the 2011 BEAST exploit. In order to successfully
exploit POODLE the attacker must be able to inject malicious
JavaScript into the victim's browser and also be able to observe
and manipulate encrypted network traffic on the wire. As far as
MITM attacks go, this one is complicated, but easier to execute
than BEAST because it doesn't require any special browser plugins.
If you care to learn the details, you can find them in the <a
class="jive-link-external-small"
href="https://www.openssl.org/%7Ebodo/ssl-poodle.pdf"
rel="nofollow">short paper</a> or in <a
class="jive-link-external-small"
href="https://www.imperialviolet.org/2014/10/14/poodle.html"
rel="nofollow">Adam Langley's blog post</a>.</p>
<br>
read more at source ->
<a class="moz-txt-link-freetext" href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack">https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack</a><br>
<br>
<div class="moz-signature">-- <br>
<b>Rainer Piper</b>
<br>
Integration engineer
<br>
Koeslinstr. 56
<br>
53123 BONN <br>
GERMANY
<br>
Phone: +49 228 97167161
<br>
P2P: <a class="moz-txt-link-freetext" href="sip:rainer@sip.soho-piper.de:5072">sip:rainer@sip.soho-piper.de:5072</a> (pjsip-test)
<br>
XMPP: <a class="moz-txt-link-abbreviated" href="mailto:rainer@xmpp.soho-piper.de">rainer@xmpp.soho-piper.de</a></div>
</body>
</html>