[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network
jim.manico at owasp.org
Tue Oct 28 19:46:16 UTC 2014
SSLv3 is just theater anyhow, at least the browser will warn in this
On 10/28/14, 8:00 AM, Matt Tesauro wrote:
> FYI: Akamai is disabling SSLv3 for CDN which is used by www.owasp.org
> TLDR; some security Darwinism effects will be felt by those still
> using Win XP + IE. Looking quickly at our Google Analytics, IE 6 show
> 217 out of our 80,384 sessions - i.e. not much traffic.
> Let me know if this is a problem for the board and I'll ping Akamai
> for options.
> ---------- Forwarded message ----------
> From: <ccare at akamai.com <mailto:ccare at akamai.com>>
> Date: Tue, Oct 28, 2014 at 11:30 AM
> Subject: 10/28 update on disabling SSLv3 traffic on our network
> To: matt.tesauro at owasp.org <mailto:matt.tesauro at owasp.org>
> This is a follow up to our message dated Oct 14, 2014 regarding the
> "Poodle" Vulnerability
> This an additional reminder that we are now in the process of
> disabling SSLv3 between clients and Edge servers and expect to start
> denying SSLv3 traffic around 28 Oct 2014 17:00 UTC in a phased
> manner. To avoid interruptions to your traffic on the client to Edge
> side, please ensure that your clients support higher than SSLv3
> protocols (particularly custom clients).
> Please contact Customer Care if you have any questions or if we can be
> of any assistance.
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board