<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Am 21.10.2014 um 08:01 schrieb Rainer

      Piper:<br>

    </div>

    <blockquote cite="mid:5445F6C1.3050602@soho-piper.de" type="cite">

      <meta http-equiv="content-type" content="text/html;

        charset=windows-1252">

      Hi all,<br>

      <br>

      is it possible to add in <br>

      <a moz-do-not-send="true" class="moz-txt-link-freetext"

        href="http://kamailio.org/docs/modules/4.2.x/modules/tls.html">http://kamailio.org/docs/modules/4.2.x/modules/tls.html</a><br>

      under the line <br>

      ><br>

      <h3 class="title">9.1. <code class="varname">tls_method</code>

        (string)</h3>

      ...<br>

      ...<br>

      <br>

      If rfc3261 conformance is desired, TLSv1 must be used. For

      compatibility with older clients SSLv23 is a good option.<br>

      <p class="title"> <b>Example 1.3. Set <code class="varname">tls_method</code>

          parameter</b> </p>

      <div class="example-contents">

        <pre class="programlisting">...

modparam("tls", "tls_method", "TLSv1")

...</pre>

      </div>

      <<br>

      <br>

      <br>

      !!! <big><b>a warning </b><b>that the use of SSLv3 </b><b>susceptibility

          to POODLE Vulnerability</b></big> !!!<br>

      <br>

      <br>

      <div class="moz-signature">-- <br>

        <b>Rainer Piper</b> <br>

        Integration engineer <br>

        Koeslinstr. 56 <br>

        53123 BONN <br>

        GERMANY <br>

        Phone: +49 228 97167161 <br>

        P2P: <a moz-do-not-send="true" class="moz-txt-link-freetext"

          href="sip:rainer@sip.soho-piper.de:5072">sip:rainer@sip.soho-piper.de:5072</a>

        (pjsip-test) <br>

        XMPP: <a moz-do-not-send="true"

          class="moz-txt-link-abbreviated"

          href="mailto:rainer@xmpp.soho-piper.de">rainer@xmpp.soho-piper.de</a></div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    more informations about SSLv3 POODLE attack<br>

    <br>

    <h1 id="heading-2588"><a

href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack"

        class="font-color-normal">SSL 3 is dead, killed by the POODLE

        attack</a></h1>

    <span class="jive-blog-post-subject-stats"> Gepostet von <a

        href="https://community.qualys.com/people/ivanr"

        data-externalid="" data-username="ivanr" data-avatarid="1151"

        id="jive-207327072552770342765" data-userid="2073"

        data-presence="null" class="jiveTT-hover-user

        jive-username-link">Ivan Ristic</a> in <a

        href="https://community.qualys.com/blogs/securitylabs">Security

        Labs</a> am 15.10.2014 12:06:32 </span>

    <p><span style="font-size: 20px; font-weight: bold; line-height:

        1.5em;">The POODLE Attack (CVE-2014-3566)</span></p>

    <p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>

    <p>After more than a week of persistent rumours, yesterday (Oct 14)

      we finally learned about the new SSL 3 vulnerability everyone was

      afraid of. The so-called <a class="jive-link-external-small"

href="http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html"

        rel="nofollow">POODLE attack</a> is a problem in the CBC

      encryption scheme as implemented in the SSL 3 protocol. (Other

      protocols are not vulnerable because this area had been

      strengthened in TLS 1.0.) Conceptually, the vulnerability is very

      similar to the 2011 BEAST exploit. In order to successfully

      exploit POODLE the attacker must be able to inject malicious

      JavaScript into the victim's browser and also be able to observe

      and manipulate encrypted network traffic on the wire. As far as

      MITM attacks go, this one is complicated, but easier to execute

      than BEAST because it doesn't require any special browser plugins.

      If you care to learn the details, you can find them in the <a

        class="jive-link-external-small"

        href="https://www.openssl.org/%7Ebodo/ssl-poodle.pdf"

        rel="nofollow">short paper</a> or in <a

        class="jive-link-external-small"

        href="https://www.imperialviolet.org/2014/10/14/poodle.html"

        rel="nofollow">Adam Langley's blog post</a>.</p>

    <br>

    read more at source ->

<a class="moz-txt-link-freetext" href="https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack">https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack</a><br>

    <br>

    <div class="moz-signature">-- <br>

      <b>Rainer Piper</b>

      <br>

      Integration engineer

      <br>

      Koeslinstr. 56

      <br>

      53123 BONN <br>

      GERMANY

      <br>

      Phone: +49 228 97167161

      <br>

      P2P: <a class="moz-txt-link-freetext" href="sip:rainer@sip.soho-piper.de:5072">sip:rainer@sip.soho-piper.de:5072</a> (pjsip-test)

      <br>

      XMPP: <a class="moz-txt-link-abbreviated" href="mailto:rainer@xmpp.soho-piper.de">rainer@xmpp.soho-piper.de</a></div>

  </body>

</html>