id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
11167	disable SSL v3 for josm.openstreetmap.de	aseerel4c26	stoecker	"Please see and improve on https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de

Most importantly: ""This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate.""

Does anyone really need that protocol from the nineties?! According to the qualys article a major issue is ""Internet Explorer 6 on Windows XP"". But.. ehm.. yes, enough said.

Of course there is other stuff to work on (RC4 for example), but that is not that important and likely is more difficult. Disabling SSL just needs a tiny config change on the web server.

Thank you!"	defect	closed	normal		Trac		fixed	ssl homepage security