Now would be a good time to disable any and all SSLv3 still in use within your organisation, the IETF have officially labelled it as dead, thanks to RFC 7568.

SSLv3 suffered a string of vulnerabilities in the last couple of years, going beyond theoretical attacks and into the real world, sometimes actually being responsible to some high profile data leaks. So it’s a good idea to write it off as no longer secure.

Replacements include TLSv1.1 and TLSv1.2 so there’s no lack of good alternatives, and at least these still remain strong and unbroken.

	Posted June 26, 2015
	Written by John Payne