How much of my traffic is still SSLv3?
When the POODLE vulnerability came out in 2014, it was hailed as the death knell for SSL version 3. In the quarter just prior to POODLE, 98% of Internet sites supported SSLv3, but a year later that s...
Updated Jun 06, 2023
Version 2.0David_Holmes_12
Historic F5 Account
Joined December 19, 2012
MegaZone
Sep 11, 2015SIRT
Note that PCI DSS 3.1 requires SSLv3 and TLSv1.0 to be removed from any existing environments by June 30, 2016. And they must not be introduced to any *new* environments at this point. https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information_Supplement_v1.pdf
Be aware of this if PCI is a requirement in your environment.