[CentOS] Centos 5 & tls v1.2, v1.1
Eero Volotinen
eero.volotinen at iki.fi
Fri Apr 17 19:42:57 UTC 2015
2015-04-17 14:40 GMT+03:00 Peter <peter at pajamian.dhs.org>:
> On 04/17/2015 11:20 PM, Eero Volotinen wrote:
> > Yep, maybe using SSL offloading devices (like BigIP) that receive tls1.2
> > and tlsv1.2 and then re-encrypt traffic with tls1.0 might be the "cheapest"
> > solution.
>
> Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The
> only attack against 1.0 that I'm aware of is BEAST and that has been
> largely mitigated by browser-side fixes to the point where TLS 1.0 is
> now considered to be safe. No doubt there will in time be other attacks
> that necessitate an upgrade, but for now I would just stick with the
>
Well, the PCI DSS 3.1 standard will soon deny the use of SSLv3 and early versions of
TLS (v1.0).
Also noted that it is possible to do SSL termination and encryption again with
mod_ssl SSLProxyEngine.
--
Eero
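
The termination-and-re-encryption setup mentioned in the message above, sketched as an Apache httpd reverse-proxy configuration. This is an added example, not part of the original post; the host names, certificate paths and back-end address are placeholders, and it assumes a front-end httpd 2.4.5 or later built against OpenSSL 1.0.1 or later, with the CentOS 5 back end left on TLS 1.0.

```apache
# Front-end reverse proxy on a host whose OpenSSL supports TLS 1.1/1.2.
# All names, paths and addresses below are placeholders.
Listen 443
<VirtualHost *:443>
    ServerName www.example.com

    # Client-facing side: accept only TLS 1.1 and TLS 1.2.
    SSLEngine on
    SSLProtocol -all +TLSv1.1 +TLSv1.2
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # Back-end side: re-encrypt towards the CentOS 5 host,
    # which can only speak TLS 1.0.
    SSLProxyEngine on
    SSLProxyProtocol -all +TLSv1

    # Authenticate the back end. Without these checks the proxy accepts
    # any certificate on the TLS 1.0 hop, so that hop could be intercepted.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/pki/tls/certs/internal-ca.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The URL host name must match the back-end certificate.
    ProxyPass        / https://centos5-backend.internal.example/
    ProxyPassReverse / https://centos5-backend.internal.example/
</VirtualHost>
```

The TLS 1.0 hop still exists between proxy and back end, so it belongs on a network segment that clients cannot reach directly. On systems whose OpenSSL policy disables TLS 1.0, the back-end connection fails until that policy is relaxed for the proxy.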