[Resolved] LSWS 5.0 RC3 Enables SSL V3

[MattW]

I've been testing LSWS 5.0 RC3 on my dev server, and sticking the site behind HTTPS and testing against various test sites, shows SSLV3 is enabled. This should be disabled (disabled with the cPanel apache settings).

Swapping back to LSWS 4.2.22 and re-running the tests shows SSLV3 is disabled again.

CentOS 6.6 64bit with cPanel 11.48.2 (build 3)

 

[mistwang]

Please force reinstall 5.0RC3 to get the latest build. it should have been addressed a while back.

/usr/local/lsws/admin/misc/lsup.sh -f -v 5.0RC3

 

[MattW]

I've just done an install of 5.0 on a new server.

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4

Shows SSL V3 enabled again!

 

[dethfire]

Please fix the SSL V3 problem

 

[Alexandru]

Indeed please fix , no idea why it's taking litespeed so long period of time to solve a cipher issue or to at least respond.

 

[MattW]

Totally agree. This is a show stopper for ANYONE wanting to run HTTPS with 5.0

 

[mistwang]

This should have been fixed with 5.0 build 1 .
Please do

/usr/local/lsws/admin/misc/lsup.sh -f -v 5.0

 

[MattW]

Thanks, testing it now

 

[MattW]

It's fixed