[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network
Tom Brennan - OWASP
tomb at owasp.org
Tue Oct 28 18:10:35 UTC 2014
Thanks for the heads up --- Matt can you provide any reports from Akamai on
utilization, most requested, blocks if we are using KONA etc...
Now that the Akamai service is up and running and operational -- would like
to baseline and measure it and share that data with the community if they
are interested in it like me.
Top requesting regions, countries, zones
Top page requests
Top unique visitors monthly
<insert other info>
On Tue, Oct 28, 2014 at 2:00 PM, Matt Tesauro <matt.tesauro at owasp.org>
> FYI: Akamai is disabling SSLv3 for CDN which is used by www.owasp.org.
> TLDR; some security Darwinism effects will be felt by those still using
> Win XP + IE. Looking quickly at our Google Analytics, IE 6 show 217 out of
> our 80,384 sessions - i.e. not much traffic.
> Let me know if this is a problem for the board and I'll ping Akamai for
> ---------- Forwarded message ----------
> From: <ccare at akamai.com>
> Date: Tue, Oct 28, 2014 at 11:30 AM
> Subject: 10/28 update on disabling SSLv3 traffic on our network
> To: matt.tesauro at owasp.org
> This is a follow up to our message dated Oct 14, 2014 regarding the
> "Poodle" Vulnerability (
> This an additional reminder that we are now in the process of disabling
> SSLv3 between clients and Edge servers and expect to start denying SSLv3
> traffic around 28 Oct 2014 17:00 UTC in a phased manner. To avoid
> interruptions to your traffic on the client to Edge side, please ensure
> that your clients support higher than SSLv3 protocols (particularly custom
> Please contact Customer Care if you have any questions or if we can be of
> any assistance.
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board