Deactivating vulnerable SSLv3 on my Snow Leopard Server
Hello Forum members,
so, apparently there are no more security updates for SL Server 10.6.
I was made aware that one of our Servers is vulnerable to the Poodle attack that's using the now insecure SSL v3.
I was told to deactivate SSL v3 on our server.
As there are so settings that I'm aware of, I found this hint:
...however, the detailed answer is apparently for a newer version, as these paths (Library/Server/...) don't exist on SL and I could find anything similar in /Library/WebServer/....
The other answer seems helpful, but I have no idea where to apply all these settings, so that they don't get reset with the next restart.
I can't seem to find any setting for TLS neither.
All the other usual approaches (Google, Docindentation...) failed as well.
I cannot update the server right now to a new Mac OS X Server, as we heavily rely on Mailman (has been removed) and the Wiki - MySQL and QTSS and Podcast Server are also things that are used
Any hint is greatly appreciated!
Thanks
ps:
I'd be even happy to find an overview of paths to various config files that are safe to edit.