SSLv3

We will be disabling all SSLv3 over the coming weeks. That test doesn't test for your sites talking to Auth.net however, that will work as TLS is on the servers.
 
Stephen, will you also be disabling SSLv2? That looks to still be active according to that test.
 
ALL SSL will be disabled, and only TLS enabled.

However this will mean people using ancient browsers can no longer view the HTTPS pages, but it is required to remove all SSL at this point.
 
At what point will the SSL be turned off? And besides people using ancient browsers, is there any concern we should have with modifying our secure websites.
 
microweb said:
At what point will the SSL be turned off? And besides people using ancient browsers, is there any concern we should have with modifying our secure websites.
Click to expand...
Most of the internet is disabling it, so if they have issues after it is done, they basically won't be able to use any secure sites after SSL is disabled on most sites in the coming weeks. We have been on small staff crews due to holiday in India but are about back to normal now. This means we will likely start about Nov 5 to 10th removing SSL completely from all servers and moving only to TLS for https secured connections.

The only 'concern' is for older browsers and they just have to get with the times, browsing with such an old browser is probably not even working properly for majority of the sites.
 
The SSLv1/2/3 removal is completed on all 2008+ servers, the 2003 servers we tested but it was not reordering properly and SSLv3 was staying enabled, so we will handle that on as needed basis to move clients on 2003 with SSL early before their server is upgraded, should they desire it before we get to the server migration. There are not many servers remaining on Windows 2003 at this point.
 
You must log in or register to reply here.
Back
Top