[175236] in North American Network Operators' Group
Re: SSL 3 vulnerability released
daemon@ATHENA.MIT.EDU (Reed Loden)
Tue Oct 14 19:51:46 2014
X-Original-To: nanog@nanog.org
Date: Tue, 14 Oct 2014 16:51:35 -0700
From: Reed Loden <reed@reedloden.com>
To: nanog@nanog.org
In-Reply-To: <CAPiURgUFB4K6qon7Cfywut7d1FwzY6iNVNyK0Q3M-F_it_xMVA@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
On Tue, 14 Oct 2014 16:29:50 -0700
Grant Ridder <shortdudey123@gmail.com> wrote:

> Just in case anyone hasn't seen yet...
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

One thing that's always useful to follow is Mozilla's TLS on servers
recommendations (https://wiki.mozilla.org/Security/Server_Side_TLS).
It's kept up-to-date pretty often and includes example configs for most
web servers / load balancers (including ELBs).

If you're able to (depending on who your customers are and what
browsers they use), I would try to use at least the 'intermediate'
configuration for anything that terminates SSL/TLS.

~reed