Date: Tue, 14 Oct 2014 07:38:18 -0700 From: Reed Loden <reed@...dloden.com> To: oss-security@...ts.openwall.com Subject: Re: Truly scary SSL 3.0 vuln to be revealed soon: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 14 Oct 2014 13:15:41 +0200 Hanno Böck <hanno@...eck.de> wrote: > A number of people already recommend disabling SSLv3, e.g. the Qualys > configuration guide. Disable it now - no matter if the rumors about a > serious vuln are true, you'll be safe. https://wiki.mozilla.org/Security/Server_Side_TLS has some great info on configuring your web servers and load balancers to have the best possible SSL/TLS settings, including specific example configs to help you out. ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iKYEARECAGYFAlQ9NV5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDZCNTZGOUFDMDdCNjg1RDdEQzQ1NjBEQTZC QTIyMjI2RjNDMzNENUEACgkQa6IiJvPDPVpviQCgkXv+V3uzoLKuNAITQt33kSn5 upwAn0TxonRRgEPZYyqUaTIsRlgKkqm7 =fmf8 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ