Check your SSL at the door, and keep your POODLE inside.

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

Deadline coming up (June 30th 2018) to be PCI compliant.
If you are running an older web server with e-commerce, you should be
removing support for older ( i.e., anything pre-TLS 1.1 ) for now to be PCI compliant.
- so, remove SSL 3.0 and TLS 1.0... Might just go to TLS 1.2 to not have to keep doing this if you can.
You can check it with this one liner:
nmap --script ssl-enum-ciphers -p 443

Since the client can be tricked to using lower levels - (and we know it will be impossible to force clients to update) - the server end needs to change to not have support for the lower level TLS.