Welcome! Log In Create A New Profile

Re: SSL 3 is dead, killed by the POODLE attack

Forum List Message List New Topic Print View

Maxim Dounin

October 17, 2014 08:52AM

Hello!

On Fri, Oct 17, 2014 at 03:18:30PM +0300, Gena Makhomed wrote:

>
> Кстати, Ivan Ristić из SSL Labs считает, что:
>
> SSL 3 is dead, killed by the POODLE attack
> https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
>
> И рекомендует всем системным администраторам:
>
> [...] As a web site operator, you should disable SSL 3
> on your servers as soon as possible. You need to do this
> even if you support the most recent TLS version [...]

С тех пор, как Ivan это написал, прошло уже аж два дня. За это
время как минимум вышел OpenSSL с fallback protection, и
нарисовалась свежая Opera с fallback protection и anti-POODLE
record splitting. Если развитие ситуации и дальше пойдёт такими
темпами - то через пару недель про POODLE можно будет забыть, как
в своё время забыли про BEAST.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Reply Quote

RSS

Subject	Author	Posted
SSL 3 is dead, killed by the POODLE attack	Gena Makhomed	October 17, 2014 08:20AM
Re: SSL 3 is dead, killed by the POODLE attack	Maxim Dounin	October 17, 2014 08:52AM
Re: SSL 3 is dead, killed by the POODLE attack	Илья Шипицин	October 20, 2014 05:20AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 163

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018