The Serpent

// Cursing the Internet since 1998

So Long, SSLv3

Now would be a good time to disable any and all SSLv3 still in use within your organisation, the IETF have officially labelled it as dead, thanks to RFC 7568.

SSLv3 suffered a string of vulnerabilities in the last couple of years, going beyond theoretical attacks and into the real world, sometimes actually being responsible to some high profile data leaks. So it’s a good idea to write it off as no longer secure.

Replacements include TLSv1.1 and TLSv1.2 so there’s no lack of good alternatives, and at least these still remain strong and unbroken.