[–] yuhong 10y ago ↗ If you are on Windows Server 2003, install https://technet.microsoft.com/en-us/library/security/ms10-02... with /b:SP2QFE, otherwise your mail server may stop working. (Yes, installing https://support.microsoft.com/en-us/kb/957047 should do this for you, but this is safer especially considering how Server 2003 don't use CBS servicing) [–] aexaey 10y ago ↗ Thank you for mentioning this. I was really struggling to understand reasons for not dropping SSL3 much, much earlier. [–] gram657 10y ago ↗ I guess google's first move was to start identifying mail sent in cleartext with the unlocked red padlock symbol. That was in February 2016. This is stage 2. [–] yuhong 10y ago ↗ This is not about SSLv3, this is about CBC ciphersuites. But yes I should mention that IBM Domino used to be SSLv3 only.
[–] aexaey 10y ago ↗ Thank you for mentioning this. I was really struggling to understand reasons for not dropping SSL3 much, much earlier. [–] gram657 10y ago ↗ I guess google's first move was to start identifying mail sent in cleartext with the unlocked red padlock symbol. That was in February 2016. This is stage 2. [–] yuhong 10y ago ↗ This is not about SSLv3, this is about CBC ciphersuites. But yes I should mention that IBM Domino used to be SSLv3 only.
[–] gram657 10y ago ↗ I guess google's first move was to start identifying mail sent in cleartext with the unlocked red padlock symbol. That was in February 2016. This is stage 2.
[–] yuhong 10y ago ↗ This is not about SSLv3, this is about CBC ciphersuites. But yes I should mention that IBM Domino used to be SSLv3 only.
4 comments
[ 2.2 ms ] story [ 14.8 ms ] thread