Am 21.10.2014 um 08:20 schrieb Olle E Johansson:
!!! *a warning **that the use of SSLv3 **susceptibility to POODLE Vulnerability* !!!
Well, since Poodle requires a web browser and java script we're not in danger from a Poodle attack. Even so, we are not enabling SSL by default, only enabling TLS. All versions of SSL are too old to be secure. We can not add a warning text for every possible attack, but have published information on twitter, facebook, G+ and on the mailing lists.
Are we aware of any phones or SIP servers that only supports SSLv3 and have no support of TLS?
/O
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
asterisk just published a security warning
source: http://downloads.asterisk.org/pub/security/AST-2014-011.html
you have to force asterisk to do TLSv1 the defaults settings allowing a SSLv3/SSLv2 fallback.