Re: Lessons learned disabling SSLv3

[Rob Taylor <rgt () WI MIT EDU>]

Hi Dan. I have used this site before and you can choose how aggressive you want to be with your config, and it will
tell you the clients that will be out in the cold should you make those choices.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

rgt

Whitehead Network/System Administrator

----- Original Message -----
> We are working to disable SSLv3 in favor of at least TLS1.0 (possibly
> higher) on all web servers at the University. We have some concerns about
> browser compatibility issues with the versions of TLS. All modern browsers
> support at least TLSv1.0 so we anticipate that the impact to our community
> will be low if we disabled only SSLv3. If we disabled TLSv1.0 as well, it
> seems more browsers would have compatibility issues. Source:
> http://en.wikipedia.org/wiki/Transport_Layer_Security
>
>  
>
> For systems that are managed by the University, we can make broad
> configuration changes as needed, but we also have students and outside
> parties with machines not under our control. I'm wondering if other schools
> have gone through this effort to disable SSLv3 and/or TLSv1.0 and have any
> lessons learned or unexpected consequences they could share?
>
>  
>
> Thanks in advance,
>
>  
>
> Dan Woodruff
>
> University IT Security and Policy
>
> University of Rochester
>
>