All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Have you disabled SSLv3 yet?
DalekOfSkaro
Member
Quoting Google:
SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.
Here's the source article.
Comments
Well, goodbye IE6, good riddance
Oh man, does anyone even use this thing anymore? Even IE7 and 8 are almost dead (I hope).... I don't even use Windows, thank GOD!
Just use https://www.ssllabs.com/ssltest/analyze.html to test your implementation .
Don't we all?
Yes, we do. The site has already been too busy to finish any test .
I think I will stay with Firefox 3.
Yep, it's overloaded! I've had SSLv3 disabled a while ago anyways, so I still score an A+!
I went to tweak my Nginx config yesterday and found out SSLv3 has been turned off for a while now. The only OS/Browser that doesn't support at least TLS1.0 is XP/IE6, right?
Eons ago.
https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
If its one thing I can't stand it's Internet Exploder.
Yes. Some stubborn corporates with cranky ActiveX components.
ActiveX.....
>
How nice of you to link to my Articles. Most of the time I spam (promote) them myself.
On this bug, I had to script a bit to check a range of nodes for one of my clients, about 15,000. Scripting helps there:
https://raymii.org/s/articles/Check_servers_for_the_Poodle_bug.html
A reliable source for the correct settings for most web servers is the Mozilla wiki:
https://wiki.mozilla.org/Security/Server_Side_TLS
Yes, LowEndTalk and LowEndBox have SSL 3.0 disabled.
Haha. That made me chuckle more than it should have.
It's true though https://www.ssllabs.com/ssltest/analyze.html?d=lowendtalk.com&s=190.93.242.77
The HTTPS redirect is secure
I had a double-take on your username for I read it "penetrate".
Thanks, Dyslexia.
The place where I worked at (internship) had everyone running IE8 because the software we needed for the company would not support anything else (including Chrome and Firefox). It was only in the last 2 weeks of my contract that they finally upgraded it and added support for IE11.
Apache 2.2.22-13+deb7u3 supports ECDHE in Wheezy.
Does somebody experience paypal ipn problems after disabling it?
Is it just me or are there plenty of exploits hitting the press at the minute?
No worries... No Dyslexia here, but still I read "penetrate" every time he posts. Must be hormonic, need to "see" my partner more often, I guess... ;-)
I have disabled it since about 6-8 Months ago