Configuring Apache to Disable SSL v 3.0 The Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf, and it is easy to update the Apache web server to disable SSLv3 (and thus protect your websites » Continue Reading.
Tag: SSL 3.0
POODLE SSL / TLS You probably remember hearing about the POODLE vulnerability back in October when Google engineers first publicly released information about it. POODLE stands for Padding Oracle On Downgraded Legacy Encryption and basically allows for a Man-in-the-Middle (MitM) attack. Originally, it was thought to » Continue Reading.
You may or may not have heard about this yet (it is the holiday season), but we wanted to make note of the Firefox 34 Update disabling support for SSL 3.0. Looking at the release notes for this version will give you a quick summary » Continue Reading.
Microsoft, Google and Mozilla have all announced various plans to stop supporting SHA-1 SSL certificates after January 1, 2017. As a result, SSL.com began issuing SSL certificates using only SHA-2 (aka SHA-256) as the default hashing algorithm starting September 24, 2014. There are no special flags » Continue Reading.
Holiday Shopping with SSL If you’re involved with internet security at all, you know that SSL 3.0 has been deemed unsafe by Google and many others. Today, PayPal announced that they will be discontinuing support for Secure SocketsLayer version 3.0 starting in December according to » Continue Reading.
SSL 3.0 POODLE Update Since Google announced the problem with POODLE (Padding Oracle On Downgraded Legacy Encryption,) last Monday, a lot of people have been busy trying to make sure that the vulnerability is patched one way or another. We thought it would be a good » Continue Reading.
SSL 3.0 Poodle POODLE == (Padding Oracle On Downgraded Legacy Encryption) As you should probably know by now, a somewhat nasty SSL 3.0 bug has been revealed. The news is causing a lot of waves online, but the important question is whether or not a patch » Continue Reading.
Officially, SSL (Secure Socket Layer) 2.0 is the last version of SSL. It is now called TLS (Transport Layer Security), but the general public still refers to it as as SSL. TLS 1.0 can, in essence, be considered SSL 3.0. TLS has had two minor » Continue Reading.