Re: Truly scary SSL 3.0 vuln to be revealed soon:

[Reed Loden <reed () reedloden com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 14 Oct 2014 13:15:41 +0200
Hanno Böck <hanno () hboeck de> wrote:

> A number of people already recommend disabling SSLv3, e.g. the Qualys
> configuration guide. Disable it now - no matter if the rumors about a
> serious vuln are true, you'll be safe.

https://wiki.mozilla.org/Security/Server_Side_TLS has some great info
on configuring your web servers and load balancers to have the best
possible SSL/TLS settings, including specific example configs to help
you out.

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iKYEARECAGYFAlQ9NV5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDZCNTZGOUFDMDdCNjg1RDdEQzQ1NjBEQTZC
QTIyMjI2RjNDMzNENUEACgkQa6IiJvPDPVpviQCgkXv+V3uzoLKuNAITQt33kSn5
upwAn0TxonRRgEPZYyqUaTIsRlgKkqm7
=fmf8
-----END PGP SIGNATURE-----