Hi,

By now you have probably been made aware of a security deficiency in
the design of SSL 3.0 which has been dubbed "POODLE". Here's some
more info:

    http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html

I am writing to you because, unless this script is flawed:

    https://gist.github.com/bitfolk/18e8f48ebe937e802967

then there are over 150 customer IPs at BitFolk that are still
supporting SSLv3 on port 443.

I don't intend to open tickets with individual customers and nag
until this is fixed, because it's very time-consuming to do that.

To check if your server needs reconfiguring:

    https://www.tinfoilsecurity.com/poodle

To disable SSLv3 on Apache newer than 2.2:

    Add "-SSLv3" to the end of the "SSLProtocol" line which can
    normally be found in /etc/apache2/mods-available/ssl.conf on
    Debian and Ubuntu.

On Apache 2.2 or older:

    You'll need to use "SSLProtocol TLSv1"

Nginx:

    Make sure that the "ssl_protocols" line does not contain the
    string "SSLv3". e.g.:

    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;

    is good.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAlQ/rSwACgkQIJm2TL8VSQv8IwCfZa8X8H+RjGxAOusfgcn3ZSar
J8IAoJbggsoEy1cuSApgf9rZa6mIQQjw
=CWAi
-----END PGP SIGNATURE-----

_______________________________________________
announce mailing list
announce@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users