Default support, right? We can turn it on for a site if we need to? I 
imagine many of those SAAS tools I have installed are not TLS-compliant...

On 10/16/2014 12:38 PM, Jeremy MountainJohnson wrote:
> Mozilla is getting rid of SSLv3 in version 34. I imagine Chrome will
> follow, and MS will phase it out on the client side for supported
> versions. The biggest issue the browsers have is not supporting it and
> web sites that depend on SSL 3.0. IMO these sites should join the herd
> and migrate over to TLS.
> Apache, nginx, and IIS can all be configured not to authenticate using
> SSLv3 chain with their respectively configured certificates. This is
> what most web admins are doing, in conjunction with killing support
> for older browser versions. For example, anything below IE 8 depends
> on SSLv3, so these browsers are out of luck (and significantly out of
> date) for accessing sites configured to not us SSLv3.
> Also, EFF had a notification about upgrading the HTTPS everywhere
> plugin, the latest version will mitigate (prevent) the use of SSLv3
> certs.
> --
> Jeremy MountainJohnson
> Jeremy.MountainJohnson at
> On Thu, Oct 16, 2014 at 12:10 PM, gregrwm <tclug1 at> wrote:
>> poodle i think i understand, disable ssl in servers and browsers.
>> breach/crime are still issues too if i read correctly, tho i'm less sure i
>> understand, but i think the advice is encrypt or compress as you wish, but
>> don't do both.  the question:  where are we at with firefox, chrome, and
>> apache regarding following this advice?
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at