Did you already handle “POODLE” issue, i.e. CVE-2014-3566? OpenSSL Security Advisory [15 Oct 2014] is also related to this.
First, as a web site operator:
I haven’t got the new version build with 1.0.1j from Apache Lounge yet, so I’ve done the workaround I read on “SSL v3 goes to the dogs – POODLE kills off protocol”.
I added the
SSLProtocol All -SSLv3 to my httpd-ssl.conf and restarted the httpd.exe. Before this, SSL Server Test gave me “This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C”. But after this, it gave me “This server is not vulnerable to the POODLE attack because it doesn’t support SSL 3”.
Second, as a user:
I did the following workaround. See “How to protect your browser”.
PHP 5.6.1 —>> PHP 5.6.2 ChangeLog.
phpMyAdmin 220.127.116.11 —>> phpMyAdmin 4.2.10 ChangeLog.