Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 15, 2014 · 10:55 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 15, 2014 · 10:55 AM UTC

15 Oct 2014

Finished battling through webservers, imap servers and smtp servers for SSLv3 disablement. Bleurgh.

Oct 15, 2014 · 10:55 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 15, 2014 · 1:54 PM UTC

15 Oct 2014

@dpashley The issue was working out what the runes should be for each service, after than it was edit and git push :-)

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 15, 2014 · 1:54 PM UTC

15 Oct 2014

@dpashley As for how bad it is, basically you can MITM and read any SSLv3 convo with very little effort.

Bob Mottram @bob@epicyon.libreserver.org · Oct 15, 2014 · 11:01 AM UTC

Bob Mottram @bob@epicyon.libreserver.org @motters

15 Oct 2014

@dsilverstone on webserver setup I just followed the guidelines on bettercrypto.org, which doesn't include SSLv2 or v3

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 15, 2014 · 12:47 PM UTC

15 Oct 2014

@motters Does it cover Cherokee?

Bob Clough 🇪🇺🇬🇧 · Oct 15, 2014 · 11:01 AM UTC

Bob Clough 🇪🇺🇬🇧 @thinkl33t

15 Oct 2014

@dsilverstone Yet another reason we should burn anyone using a web browser over 2 years old.