Lighttpd 1.4.36 Disables SSL 3.0 By Default
A new version is out of Lighttpd, the lightweight, performance-oriented web server. Like the stance of other web servers and browsers, SSL 3.0 support is being disabled by default.
With today's release of Lighttpd 1.4.36, SSL 3.0 support is disabled by default given that this version is no longer secure, there are critical issues with SSLv3 (POODLE), and various other projects have been working to eliminate SSLv3.
Besides disabling SSL 3.0 support, there is also now escaping of all strings for logging, some segmentation fault fixes, changes to the internal API, and a variety of bug-fixes.
Those interested in this high performance web server can find more details about the Lighttpd 1.4.36 changes via lighttpd.net.
With today's release of Lighttpd 1.4.36, SSL 3.0 support is disabled by default given that this version is no longer secure, there are critical issues with SSLv3 (POODLE), and various other projects have been working to eliminate SSLv3.
Besides disabling SSL 3.0 support, there is also now escaping of all strings for logging, some segmentation fault fixes, changes to the internal API, and a variety of bug-fixes.
Those interested in this high performance web server can find more details about the Lighttpd 1.4.36 changes via lighttpd.net.
3 Comments