Default support, right? We can turn it on for a site if we need to? I imagine many of those SAAS tools I have installed are not TLS-compliant... On 10/16/2014 12:38 PM, Jeremy MountainJohnson wrote: > Mozilla is getting rid of SSLv3 in version 34. I imagine Chrome will > follow, and MS will phase it out on the client side for supported > versions. The biggest issue the browsers have is not supporting it and > web sites that depend on SSL 3.0. IMO these sites should join the herd > and migrate over to TLS. > > Apache, nginx, and IIS can all be configured not to authenticate using > SSLv3 chain with their respectively configured certificates. This is > what most web admins are doing, in conjunction with killing support > for older browser versions. For example, anything below IE 8 depends > on SSLv3, so these browsers are out of luck (and significantly out of > date) for accessing sites configured to not us SSLv3. > > Also, EFF had a notification about upgrading the HTTPS everywhere > plugin, the latest version will mitigate (prevent) the use of SSLv3 > certs. > > -- > Jeremy MountainJohnson > Jeremy.MountainJohnson at gmail.com > > > On Thu, Oct 16, 2014 at 12:10 PM, gregrwm <tclug1 at whitleymott.net> wrote: >> poodle i think i understand, disable ssl in servers and browsers. >> breach/crime are still issues too if i read correctly, tho i'm less sure i >> understand, but i think the advice is encrypt or compress as you wish, but >> don't do both. the question: where are we at with firefox, chrome, and >> apache regarding following this advice? >> >> _______________________________________________ >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >> tclug-list at mn-linux.org >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list >> > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list