yeah, the people who maintain such things have basically given up coming up with weird work around for weaknesses in the ssl standard.  That covers ssl 2.0 and ssl 3.0.  TLS is the new hotness.  While we're talking about that, also remember to disable all export ciphers.

The downside of this is that this WILL break people's abilities to get to your site if they're using older browsers.  Thems the breaks.  hehe..  puns.

On Thu, Mar 26, 2015 at 5:16 PM, Victor Odhner <vodhner@cox.net> wrote:
I’ve been told that SSL of any flavor is unfixably insecure, and that TLS is the way to go. But maybe you meant TLS, some people call it SSL generically because it’s still HTTPS.
______________________

On Mar 26, 2015, at 16:26:18, Eric Cope <eric.cope@gmail.com> wrote:

do your apache logs show anything related to Mac useragents being rejected due to "too low ssl"?

On Thu, Mar 26, 2015 at 3:09 PM, Keith Smith <techlists@phpcoderusa.com> wrote:

Hi,

I'm stuck and am looking for a little help.

I have completed a PCI scan for one of the servers I support.  It complained about a couple things.  One was the need to use more restrictive SSL protocols.  With some help from the data center I was able to update the SSLProtocol and the SSLCipherSuite so the server would pass the scan.

I am now hearing from customer service that they are receiving some complaints that some cannot reach the website.  I've asked customer service to ask a couple questions so I can understand better what is taking place.  I assume the issue is older browsers.

At this point what I am being told is Macs with Safari and Firefox (no version info).  Apparently the message they see is "this page cannot be displayed".

I took a look at the httpd access and error logs and nothing jumps out at me.  The server is running CentOS 6.6.

Is there other things I can look at or do to troubleshoot this issue?

Thank you very much!!

Keith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
James McPhee
jmcphe@gmail.com