Will Discourse patch against POODLE SSLv3 vulnerability?


(Michael Downey) #1

Since Discourse ships with Nginx, and SSL is an officially-supported option, will there be any kind of update automatically pushed out to disable SSLv3 to protect against the newly-announced POODLE vulnerability?

A nice summary from Digital Ocean: How To Protect your Server Against the POODLE SSLv3 Vulnerability | DigitalOcean

If this isn’t something that can be pushed out automatically with an update, can someone either write up a fix document or maybe update the HOWTO for SSL?


(Dave Shaw) #2

Is SSL 3.0 enabled on your site?

It’s not on mine.

Try something like https://www.poodlescan.com/ to see if it is.


(Jeff Atwood) #3

Our base Docker image never supported ssl v3 in the first place, so this is a non issue for us.


(Jeff Atwood) #4