2015-04-17 14:40 GMT+03:00 Peter <peter@xxxxxxxxxxxxxxxx>: > On 04/17/2015 11:20 PM, Eero Volotinen wrote: > > Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 > > and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" > > solution. > > Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The > only attack against 1.0 that I'm aware of is BEAST and that has been > largely mitigated by browser-side fixes to the point where TLS 1.0 is > now considered to be safe. No doubt there will in time be other attacks > that necessitate an upgrade, but for now I would just stick with the > Well, PCI DSS 3.1 standard soon denies use of sslv3 and early version of tls(v1.0) Also noted that is possible to do ssl termination and encryption again with mod_ssl sslproxyengine. -- Eero _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Centos 5 & tls v1.2, v1.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Centos 5 & tls v1.2, v1.1
- From: Eero Volotinen <eero.volotinen@xxxxxx>
- Date: Fri, 17 Apr 2015 22:42:57 +0300
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <5530F13E.3000402@pajamian.dhs.org>
- References:
- Centos 5 & tls v1.2, v1.1
- From: Eero Volotinen
- Re: Centos 5 & tls v1.2, v1.1
- From: Leon Fauster
- Re: Centos 5 & tls v1.2, v1.1
- From: Leon Fauster
- Re: Centos 5 & tls v1.2, v1.1
- From: Eero Volotinen
- Re: Centos 5 & tls v1.2, v1.1
- From: Eero Volotinen
- Re: Centos 5 & tls v1.2, v1.1
- From: Johnny Hughes
- Re: Centos 5 & tls v1.2, v1.1
- From: Eero Volotinen
- Re: Centos 5 & tls v1.2, v1.1
- From: Peter
- Centos 5 & tls v1.2, v1.1
- Prev by Date: Re: Centos 5 & tls v1.2, v1.1
- Next by Date: Re: Plurals in English (was Re: ClamAV reports a trojan)
- Previous by thread: Re: Centos 5 & tls v1.2, v1.1
- Next by thread: ClamAV reports a trojan
- Index(es):
 |