Just been informed that there is a bug in the current Apache 2.4 version of CentOS 7:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57100
This bug prevents removing the SSL protocol SSLv3 (the one targeted by Poodle). Basically, the "All" keyword is ignored in:
Code: Select all
SSLProtocol All -SSLv2 -SSLv3
Code: Select all
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
I wonder when this Apache version will be available for CentOS 7? And in the mean time, how does one go about patching this problem, if it's possible (no workaround seems available)?
Regards.