[Owasp-board] Fwd: 10/28 update on disabling SSLv3 traffic on our network
tobias.gondrom at owasp.org
Wed Oct 29 04:01:56 UTC 2014
Best regards, Tobias
On 29/10/14 03:46, Jim Manico wrote:
> SSLv3 is just theater anyhow, at least the browser will warn in this
> - Jim
> On 10/28/14, 8:00 AM, Matt Tesauro wrote:
>> FYI: Akamai is disabling SSLv3 for CDN which is used by
>> www.owasp.org <http://www.owasp.org>.
>> TLDR; some security Darwinism effects will be felt by those still
>> using Win XP + IE. Looking quickly at our Google Analytics, IE 6
>> show 217 out of our 80,384 sessions - i.e. not much traffic.
>> Let me know if this is a problem for the board and I'll ping Akamai
>> for options.
>> ---------- Forwarded message ----------
>> From: <ccare at akamai.com <mailto:ccare at akamai.com>>
>> Date: Tue, Oct 28, 2014 at 11:30 AM
>> Subject: 10/28 update on disabling SSLv3 traffic on our network
>> To: matt.tesauro at owasp.org <mailto:matt.tesauro at owasp.org>
>> This is a follow up to our message dated Oct 14, 2014 regarding the
>> "Poodle" Vulnerability
>> This an additional reminder that we are now in the process of
>> disabling SSLv3 between clients and Edge servers and expect to start
>> denying SSLv3 traffic around 28 Oct 2014 17:00 UTC in a phased
>> manner. To avoid interruptions to your traffic on the client to Edge
>> side, please ensure that your clients support higher than SSLv3
>> protocols (particularly custom clients).
>> Please contact Customer Care if you have any questions or if we can
>> be of any assistance.
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board