[aklug] If you are still running SSLv2, you should disable it ASAP

From: Royce Williams <royce@tycho.org>
Date: Tue Mar 01 2016 - 06:05:44 AKST

A new attack makes all servers running SSLv2 vulnerable.


Strongly recommend that you move to disable SSLv2 on affected systems.
Disabling SSLv2 is the best and fastest remedy, and likelihood of
impact of doing so is very, very low - all clients in the past decade
support TLS 1.0 as well.

Use this tool to make it easier on IIS:


In Apache, assuming mod_ssl:

    SSLProtocol all -SSLv2 -SSLv3

Search for your affected domains here (working on an updated version ASAP)


... and use the search box for classful searches for your IP space,
your domains, or "SSLv2 on"

Note that the attack works even if SSLv2 is "soft disabled" by
disabling all SSLv2 ciphers.

To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Mar 1 04:23:55 2016

This archive was generated by hypermail 2.1.8 : Tue Mar 01 2016 - 04:23:55 AKST