Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Lessons learned disabling SSLv3

From: Will Froning <will.froning () GMAIL COM>
Date: Sat, 28 Mar 2015 23:59:55 -0500
Hello All,

One thing to keep in mind, Outlook 2011 for Mac requires SSLv3 when
connecting to Exchange.

https://answers.microsoft.com/en-us/mac/forum/macoffice2011-macoutlook/outlook-2011-to-use-sslv3/7e777e6b-9e92-4a89-8874-d357c4bdf6ef

Thanks,
Will


On Tue, Mar 24, 2015 at 10:47 AM, Woodruff, Dan <
daniel.woodruff () rochester edu> wrote:


We are working to disable SSLv3 in favor of at least TLS1.0 (possibly
higher) on all web servers at the University. We have some concerns about
browser compatibility issues with the versions of TLS. All modern browsers
support at least TLSv1.0 so we anticipate that the impact to our community
will be low if we disabled only SSLv3. If we disabled TLSv1.0 as well, it
seems more browsers would have compatibility issues. Source:
http://en.wikipedia.org/wiki/Transport_Layer_Security



For systems that are managed by the University, we can make broad
configuration changes as needed, but we also have students and outside
parties with machines not under our control. I’m wondering if other schools
have gone through this effort to disable SSLv3 and/or TLSv1.0 and have any
lessons learned or unexpected consequences they could share?



Thanks in advance,



Dan Woodruff

University IT Security and Policy

University of Rochester







-- 
  Will Froning
  Will.Froning () GMail com
Previous By Date Next
Previous By Thread Next

Current thread: