Did you already handle “POODLE” issue, i.e. CVE-2014-3566? OpenSSL Security Advisory [15 Oct 2014] is also related to this.
First, as a web site operator:
I haven’t got the new version build with 1.0.1j from Apache Lounge yet, so I’ve done the workaround I read on “SSL v3 goes to the dogs – POODLE kills off protocol”.
I added the SSLProtocol All -SSLv3 to my httpd-ssl.conf and restarted the httpd.exe. Before this, SSL Server Test gave me “This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C”. But after this, it gave me “This server is not vulnerable to the POODLE attack because it doesn’t support SSL 3”. Actually, I use Apache 2.4 and OpenSSL 1.0.1, so at my mod_ssl ‘SSLProtocol all’ means ‘SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2’ according to SSLProtocol Directive.
Second, as a user:
I did the following workaround. See “How to protect your browser”.
Edit(Oct.18):
PHP 5.6.1 —>> PHP 5.6.2 ChangeLog.
phpMyAdmin 4.2.9.1 —>> phpMyAdmin 4.2.10 ChangeLog.