[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network

Tobias tobias.gondrom at owasp.org
Wed Oct 29 04:01:56 UTC 2014


+1
Best regards, Tobias


On 29/10/14 03:46, Jim Manico wrote:
> SSLv3 is just theater anyhow, at least the browser will warn in this 
> scenario....
>
> +1
>
> - Jim
>
>
> On 10/28/14, 8:00 AM, Matt Tesauro wrote:
>> FYI:  Akamai is disabling SSLv3 for CDN which is used by 
>> www.owasp.org <http://www.owasp.org>.
>>
>> TLDR; some security Darwinism effects will be felt by those still 
>> using Win XP + IE.  Looking quickly at our Google Analytics, IE 6 
>> show 217 out of our 80,384 sessions - i.e. not much traffic.
>>
>> Let me know if this is a problem for the board and I'll ping Akamai 
>> for options.
>>
>> Cheers!
>>
>> ---------- Forwarded message ----------
>> From: <ccare at akamai.com <mailto:ccare at akamai.com>>
>> Date: Tue, Oct 28, 2014 at 11:30 AM
>> Subject: 10/28 update on disabling SSLv3 traffic on our network
>> To: matt.tesauro at owasp.org <mailto:matt.tesauro at owasp.org>
>>
>>
>>
>> This is a follow up to our message dated Oct 14, 2014 regarding the 
>> "Poodle" Vulnerability 
>> (https://blogs.akamai.com/2014/10/ssl-is-dead-long-live-tls.html).
>>
>> This an additional reminder that we are now in the process of 
>> disabling SSLv3 between clients and Edge servers and expect to start 
>> denying SSLv3 traffic around 28 Oct 2014 17:00 UTC in a phased 
>> manner.  To avoid interruptions to your traffic on the client to Edge 
>> side, please ensure that your clients support higher than SSLv3 
>> protocols (particularly custom clients).
>>
>> Please contact Customer Care if you have any questions or if we can 
>> be of any assistance.
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141029/e68df131/attachment.html>


More information about the Owasp-board mailing list