I refer to the vulnerability described below:
Can I disable SSLv3 in browser & web servers (IIS & Apache) using method/command given in
EE link below & if so pls provide the exact steps/commands:
I recall for Heartbleed vulnerability, MS came up with workarounds (in IE & some registry) & a couple
of weeks later, released a patch for it. Is there similar registry workaround (perhaps this was asked
in Q1 above) & will MS be releasing a patch for it?
Any RHEL 5.x/6.x & Solaris x86 Ver 10 patches?
If SSLv3 is disabled, how will web service work then? I recall 1-2 years back, we can disable SSLv2
& one EE expert told me the browser will auto-detect & move on to use SSLv3 if it detects SSLv2
is disabled? So if both SSLv2 & v3 are disabled, is there something else it will move to?
Will deploying host-based IPS (say TrendMicro) more likely to break the app/service (esp web service)
compared to disabling SSLv3 ?
Is SSLv3 with TLS1.0, TLS1.1 and TLS1.2 ciphers in F5 loadbalancer also affected by this vulnerability?
If we disable SSLv3 in F5 loadbalancer, what's the other alternative the F5 will use? Assume we
rule out SSLv2 will be used.