Disabling SSLv3 support for RPC client/server


#1

In an effort to keep Neoscoin users secure, the SSLv3 protocol in the RPC client/server is being removed in the next version of the coinbase (1.2.0.1) to force connections to use TLS.

This addresses the POODLE:SSLv3 vulnerability (CVE-2014-3566). POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. This vulnerability allows man-in-the-middle attacks to downgrade connections to SSL 3.0 even if both sides support higher protocols. You can find more information on this subject by reading the security advisory.

If you run anything using SSL connections (HTTP, FTP, SMTPS, etc.), you might want to look into disabling it in those configurations as well.
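
For checking other services as suggested above, here is an added example (not part of the original post or the Neoscoin code) that scans configuration text for protocol directives that still leave SSLv3 enabled. It assumes the nginx `ssl_protocols`, Apache mod_ssl `SSLProtocol` and Postfix `smtpd_tls_protocols` / `smtpd_tls_mandatory_protocols` directives; the sample configuration is constructed, and Apache's `all` is treated conservatively as including SSLv3 because that depends on the OpenSSL build.

```python
import re

# Real directive names mapped to the way each one writes its protocol list.
DIRECTIVES = {
    "ssl_protocols": "allowlist",                # nginx: lists what is enabled
    "sslprotocol": "plusminus",                  # Apache mod_ssl: all / +X / -X
    "smtpd_tls_protocols": "bang",               # Postfix: !X excludes a protocol
    "smtpd_tls_mandatory_protocols": "bang",
}

def sslv3_enabled(style, tokens):
    toks = [t.lower() for t in tokens]
    if style == "allowlist":
        return "sslv3" in toks
    if style == "plusminus":
        enabled = False
        for t in toks:                           # tokens apply left to right
            if t in ("all", "sslv3", "+sslv3"):  # assumption: "all" includes SSLv3
                enabled = True
            elif t == "-sslv3":
                enabled = False
        return enabled
    # Postfix: an exclusion-only list leaves SSLv3 on unless "!SSLv3" is present.
    if "!sslv3" in toks:
        return False
    included = [t for t in toks if not t.startswith("!")]
    return "sslv3" in included if included else True

def audit(config_text):
    """Return (line number, directive) for every line that still allows SSLv3."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = [t for t in re.split(r"[\s=,;]+", raw.split("#", 1)[0]) if t]
        if tokens and tokens[0].lower() in DIRECTIVES:
            if sslv3_enabled(DIRECTIVES[tokens[0].lower()], tokens[1:]):
                findings.append((lineno, tokens[0]))
    return findings

# Constructed sample: each weak setting is followed by its corrected form.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # nginx, SSLv3 still listed
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
smtpd_tls_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
"""

if __name__ == "__main__":
    for lineno, directive in audit(SAMPLE):
        print(f"line {lineno}: {directive} still permits SSLv3")
```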