AnsweredAssumed Answered

workaround for poodle

Question asked by Edward Quick on Oct 17, 2014

Hi,

 

Would this be an acceptable workaround for the Poodle vulnerability on apache rather than disabling SSLv3 completely? The server would redirect the user to a page warning the user they are on a low encryption protocol and request them to upgrade.

 

RewriteCond %{HTTPS} =on

RewriteCond %{SSL:SSL_PROTOCOL} ^SSL

RewriteCond %{REQUEST_URI} !/lowencrypt.html

RewriteRule .* http://%{HTTP_HOST}/lowencrypt.html [R=302,L]

 

Thanks,

Ed

Outcomes