Am 15.10.2014 um 01:25 schrieb Jason J. W. Williams:
We've been running our sites with SSLv3 off for sometime, since we only support IE7 and newer in our services. Disabling SSLv3 hurts folks who need to support IE6 clients primarily.
if they really do need MSIE6 it's one checkbox in the settings to enable TLS which i do at least since 2003 on every windows setup hence i was shocked to get a complaint about disable ssl3 while all my test VM's worked just fine
that was before EOL of WinXP these days i would respond with "get rid of it or RTFM and enable TLS"
On Tue, Oct 14, 2014 at 4:23 PM, Scott Beardsley <[email protected]> wrote:Is there an easy way to quantify the impact before turning SSLv3 off? Maybe by looking at logs? On Tuesday, October 14, 2014 4:18 PM, Brian Geffon <[email protected]> wrote: cc: users@ For users who want to immediately disable SSLv3 you should only need to change proxy.config.ssl.SSLv3 in records.config to 0 and bounce traffic_server. Brian On Tue, Oct 14, 2014 at 4:13 PM, Leif Hedstrom <[email protected]> wrote: Now that the POODLE is out of the bag, I think we should consider changing this for v5.1.1: {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} I believe this does have a drawback: certain browsers / UAs on some OSes might not have TLS support. I think (but not 100% certain) that IE on Windows/XP is one such case? Thoughts? — Leif http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
signature.asc
Description: OpenPGP digital signature
