SSL POODLE (CVE-2014-3566) vulnerabilities amongst the customer base

Hi, By now you have probably been made aware of a security deficiency in the design of SSL 3.0 which has been dubbed "POODLE". Here's some more info: http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploi… I am writing to you because, unless this script is flawed: https://gist.github.com/bitfolk/18e8f48ebe937e802967 then there are over 150 customer IPs at BitFolk that are still supporting SSLv3 on port 443. I don't intend to open tickets with individual customers and nag until this is fixed, because it's very time-consuming to do that. To check if your server needs reconfiguring: https://www.tinfoilsecurity.com/poodle To disable SSLv3 on Apache newer than 2.2: Add "-SSLv3" to the end of the "SSLProtocol" line which can normally be found in /etc/apache2/mods-available/ssl.conf on Debian and Ubuntu. On Apache 2.2 or older: You'll need to use "SSLProtocol TLSv1" Nginx: Make sure that the "ssl_protocols" line does not contain the string "SSLv3". e.g.: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; is good. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting