Snort mailing list archives
Snort Blog: Requiring at least TLS 1.2 for Snort.org
From: "Joel Esler (jesler) via Snort-devel" <snort-devel () lists snort org>
Date: Fri, 6 Apr 2018 21:20:48 +0000
https://blog.snort.org/2018/04/requiring-at-least-tls-12-for-snortorg.html

Requiring at least TLS 1.2 for Snort.org

Later this month (currently planning around April 25th), we will be forcing everyone who visits Snort.org, either via API (oinkcode) or the website, to at least negotiate at TLS version 1.2 or 1.3. Today we do not enforce this restriction, but as we move more and more things here at Snort / Talos / ClamAV to a more secure environment, we want to make sure everyone is doing so, at the best possible encryption level.

We already enforce HTTPS for every connection to any host on the snort.org domain (to include blog.snort.org starting this week, in case you didn't notice), and all HTTP connections are now redirected to HTTPS. This change hasn't had any negative impact (as far as we can tell), as only 7% of connections in the past month to the snort.org domain were over HTTP.

What we are concerned about are very old installations of Snort boxes out there that haven't been updated in some time (we know they exist), not being able to connect to Snort.org anymore. We are assuming the majority of these to be blocked already, as they are attempting to download version "2.4.4" of the ruleset, for example. However, in an abundance of caution, and to isolate any issues that this may have, I figured I'd write this blog post just in case.

--
Joel Esler
Manager Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com