oss-sec mailing list archives
Re: Truly scary SSL 3.0 vuln to be revealed soon:
From: Alex Gaynor <alex.gaynor () gmail com>
Date: Tue, 14 Oct 2014 08:23:23 -0700
At what point are we going to decide that it's absurd for every single TLS deployment to need to reconfigure everything in order to achieve strong security, and say that OpenSSL (or even Apache/Nginx/HAProxy/etc.) should just configure things reasonably out of the box? Alex On Tue, Oct 14, 2014 at 7:38 AM, Reed Loden <reed () reedloden com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 14 Oct 2014 13:15:41 +0200 Hanno Böck <hanno () hboeck de> wrote:A number of people already recommend disabling SSLv3, e.g. the Qualys configuration guide. Disable it now - no matter if the rumors about a serious vuln are true, you'll be safe.https://wiki.mozilla.org/Security/Server_Side_TLS has some great info on configuring your web servers and load balancers to have the best possible SSL/TLS settings, including specific example configs to help you out. ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iKYEARECAGYFAlQ9NV5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDZCNTZGOUFDMDdCNjg1RDdEQzQ1NjBEQTZC QTIyMjI2RjNDMzNENUEACgkQa6IiJvPDPVpviQCgkXv+V3uzoLKuNAITQt33kSn5 upwAn0TxonRRgEPZYyqUaTIsRlgKkqm7 =fmf8 -----END PGP SIGNATURE-----
-- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084
Current thread:
- Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Alex Gaynor (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)
- list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)