yeah, the people who maintain such things have basically given up coming up
with weird work around for weaknesses in the ssl standard. That covers ssl
2.0 and ssl 3.0. TLS is the new hotness. While we're talking about that,
also remember to disable all export ciphers.
The downside of this is that this WILL break people's abilities to get to
your site if they're using older browsers. Thems the breaks. hehe.. puns.
On Thu, Mar 26, 2015 at 5:16 PM, Victor Odhner <
vodhner@cox.net> wrote:
> I’ve been told that SSL of any flavor is unfixably insecure, and that TLS
> is the way to go. But maybe you meant TLS, some people call it SSL
> generically because it’s still HTTPS.
> ______________________
>
> On Mar 26, 2015, at 16:26:18, Eric Cope <eric.cope@gmail.com> wrote:
>
> do your apache logs show anything related to Mac useragents being rejected
> due to "too low ssl"?
>
> On Thu, Mar 26, 2015 at 3:09 PM, Keith Smith <techlists@phpcoderusa.com>
> wrote:
>
>>
>> Hi,
>>
>> I'm stuck and am looking for a little help.
>>
>> I have completed a PCI scan for one of the servers I support. It
>> complained about a couple things. One was the need to use more restrictive
>> SSL protocols. With some help from the data center I was able to update
>> the SSLProtocol and the SSLCipherSuite so the server would pass the scan.
>>
>> I am now hearing from customer service that they are receiving some
>> complaints that some cannot reach the website. I've asked customer service
>> to ask a couple questions so I can understand better what is taking place.
>> I assume the issue is older browsers.
>>
>> At this point what I am being told is Macs with Safari and Firefox (no
>> version info). Apparently the message they see is "this page cannot be
>> displayed".
>>
>> I took a look at the httpd access and error logs and nothing jumps out at
>> me. The server is running CentOS 6.6.
>>
>> Is there other things I can look at or do to troubleshoot this issue?
>>
>> Thank you very much!!
>>
>> Keith
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
James McPhee
jmcphe@gmail.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss