[Owasp-leaders] Fwd: POODLE SSL Vulnerability

Jason Johnson jason.johnson at owasp.org
Thu Oct 16 02:25:40 UTC 2014


Incase you have anything with old SSL still running.
---------- Forwarded message ----------
From: ProjectSeven <CORE at p7n.net>
Date: Wed, Oct 15, 2014 at 9:06 PM
Subject: POODLE SSL Vulnerability
To: Jason Johnson <info at owaspokc.com>, Cassie Parks <cassie0x1 at gmail.com>,
Jason Johnson <jason.johnson at owasp.org>


[image: ProjectSeven] <http://projectseven.us>
*Hello Jason,*

It has recently become apparent that a vulnerability exists in the SSL 3.0
protocol. In order to address this issue we will be adjusting SSL on our
servers by disabling SSL 2.0 and SSL 3.0, as well as ensuring only secure
ciphers are allowed. Please be aware this will cause some compatibility
issues for older browsers, such as Internet Explorer 6, after we implement
the change. If you would like to read more information on the
vulnerability, we have provided a link below for you to review:

https://www.openssl.org/~bodo/ssl-poodle.pdf  Follow us @PROJET7Status
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141015/14d9238e/attachment.html>


More information about the OWASP-Leaders mailing list