On Mon, Sep 28, 2015 at 12:33 PM, William A Rowe Jr <[email protected]> wrote:
> By which we mean TTLv1.0/SSLv3 because there is so little technical
> difference between them.
AORN {
I think there is enough difference to disable one by default and not
the other. The final straw for SSLv3 was POODLE. But POODLE on TLS
1.0 was fixable/fixed. The qualsys TLS best practice doc
differentiates them, and the scanner dings you seriously for SSLv3 and
not at all for TLS1.0. From my own support work, anecdotally,
commercial scan tools seem to treat things the same as qualsys.
}
--
Eric Covener
[email protected]
