News‎ > ‎

SSLv3 disabled on cilogon.org

posted Oct 15, 2014, 7:59 AM by Jim Basney   [ updated Oct 15, 2014, 7:59 AM ]
In response to the SSLv3 POODLE vulnerability, we have disabled support for SSLv3 at https://cilogon.org/. TLS is now required for access. We do not see any recent use of SSLv3 in our logs, so we do not expect this change to cause compatibility problems for CILogon users. We have also updated our cipher list according to the latest Mozilla Server Side TLS Guidance and have enabled HTTP Strict Transport Security (HSTS). As always, please contact help@cilogon.org if you experience problems or have questions/comments.