[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network

Jim Manico jim.manico at owasp.org
Tue Oct 28 19:46:16 UTC 2014


SSLv3 is just theater anyhow, at least the browser will warn in this 
scenario....

+1

- Jim


On 10/28/14, 8:00 AM, Matt Tesauro wrote:
> FYI:  Akamai is disabling SSLv3 for CDN which is used by www.owasp.org 
> <http://www.owasp.org>.
>
> TLDR; some security Darwinism effects will be felt by those still 
> using Win XP + IE.  Looking quickly at our Google Analytics, IE 6 show 
> 217 out of our 80,384 sessions - i.e. not much traffic.
>
> Let me know if this is a problem for the board and I'll ping Akamai 
> for options.
>
> Cheers!
>
> ---------- Forwarded message ----------
> From: <ccare at akamai.com <mailto:ccare at akamai.com>>
> Date: Tue, Oct 28, 2014 at 11:30 AM
> Subject: 10/28 update on disabling SSLv3 traffic on our network
> To: matt.tesauro at owasp.org <mailto:matt.tesauro at owasp.org>
>
>
>
> This is a follow up to our message dated Oct 14, 2014 regarding the 
> "Poodle" Vulnerability 
> (https://blogs.akamai.com/2014/10/ssl-is-dead-long-live-tls.html).
>
> This an additional reminder that we are now in the process of 
> disabling SSLv3 between clients and Edge servers and expect to start 
> denying SSLv3 traffic around 28 Oct 2014 17:00 UTC in a phased 
> manner.  To avoid interruptions to your traffic on the client to Edge 
> side, please ensure that your clients support higher than SSLv3 
> protocols (particularly custom clients).
>
> Please contact Customer Care if you have any questions or if we can be 
> of any assistance.
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141028/6fe3f850/attachment.html>


More information about the Owasp-board mailing list