

Nasty SSL 3.0 vuln to be revealed soon - thibaut_barrere
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow

======
thibaut_barrere
Note: I'm no security expert, just sharing what I discover.

You can scan an existing host for SSLv3 with "nmap --script ssl-enum-ciphers
-p 443 <host>" (via
[https://twitter.com/kramse/status/522067567960399872](https://twitter.com/kramse/status/522067567960399872)).

SSLv3 is afaik only needed for IE 6 support (per
[https://www.owasp.org/index.php/Transport_Layer_Protection_C...](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-
_Only_Support_Strong_Protocols)).

