[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network

Matt Tesauro matt.tesauro at owasp.org
Tue Oct 28 18:00:46 UTC 2014


FYI:  Akamai is disabling SSLv3 for CDN which is used by www.owasp.org.

TLDR; some security Darwinism effects will be felt by those still using Win
XP + IE.  Looking quickly at our Google Analytics, IE 6 show 217 out of our
80,384 sessions - i.e. not much traffic.

Let me know if this is a problem for the board and I'll ping Akamai for
options.

Cheers!

---------- Forwarded message ----------
From: <ccare at akamai.com>
Date: Tue, Oct 28, 2014 at 11:30 AM
Subject: 10/28 update on disabling SSLv3 traffic on our network
To: matt.tesauro at owasp.org



This is a follow up to our message dated Oct 14, 2014 regarding the
"Poodle" Vulnerability (
https://blogs.akamai.com/2014/10/ssl-is-dead-long-live-tls.html).

This an additional reminder that we are now in the process of disabling
SSLv3 between clients and Edge servers and expect to start denying SSLv3
traffic around 28 Oct 2014 17:00 UTC in a phased manner.  To avoid
interruptions to your traffic on the client to Edge side, please ensure
that your clients support higher than SSLv3 protocols (particularly custom
clients).

Please contact Customer Care if you have any questions or if we can be of
any assistance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141028/7a62c6fe/attachment.html>


More information about the Owasp-board mailing list