SSL 3 vulnerability released

• Previous message (by thread): SSL 3 vulnerability released
• Next message (by thread): Multi-port RFC2544/EtherSAM loopback appliance
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 14 Oct 2014 16:29:50 -0700
Grant Ridder <shortdudey123 at gmail.com> wrote:

> Just incase anyone hasn't seen yet...
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

One thing that's always useful to follow is Mozilla's TLS on servers
recommendations (https://wiki.mozilla.org/Security/Server_Side_TLS).
It's kept up-to-date pretty often and includes example configs for most
web servers / load balancers (including ELBs).

If you're able to (depending on who your customers are and what
browsers they use), I would try to use at least the 'intermediate'
configuration for anything that terminates SSL/TLS.

~reed

• Previous message (by thread): SSL 3 vulnerability released
• Next message (by thread): Multi-port RFC2544/EtherSAM loopback appliance
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]