Posts

Possible SSLv3 Vulnerability

“The Register has learned that news of yet another security vulnerability – this time in SSL 3.0 – is probably imminent.”
While this is currently unverified, it’s still good to take a look at if any services of yours are using SSLv3. SSLv3 came out in 1996, and have since been superseded by TLSv1.0, TLSv1.1 and eventually TLSv1.2.

The recommendation is to disable SSLv3, although this does mean that those using Windows XP (which has been End of Life for a while now) with Internet Explorer 6 (but Internet Explorer 7 would work) are unable to access the service.

More information:
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/