Security: PEPS is vulnerable to a POODLE attack, as it has SSL v3 enabled

[tiangolo]

Security: PEPS is vulnerable to a POODLE attack, as it has enabled SSL v3

Opening: https://www.ssllabs.com/ssltest/analyze.html?d= + <domain with PEPS> scans the server for security risks.

A simple way to fix this would be to enable simple direct HTTP access and then letting users put a termination TLS proxy (as a HAProxy) instead of implementing TPS in PEPS' code.

It would also be simpler to configure encryption with Let's Encrypt using an additional proxy than trying to update the certificates used by PEPS in its implementation of TLS.

[hbbio]

Thanks. This is done in the forthcoming version.