The Serpent

// Cursing the Internet since 1998

So Long, SSLv3

Posted June 26, 2015 Crypto

Now would be a good time to disable any and all SSLv3 still in use within your organisation, the IETF have officially labelled it as dead, thanks to RFC 7568.

SSLv3 suffered a string of vulnerabilities in the last couple of years, going beyond theoretical attacks and into the real world, sometimes actually being responsible to some high profile data leaks. So it’s a good idea to write it off as no longer secure.

Replacements include TLSv1.1 and TLSv1.2 so there’s no lack of good alternatives, and at least these still remain strong and unbroken.

So Long, SSLv3
Posted June 26, 2015
Written by John Payne