If you run an SSL server it is well worth running it through <a href="https://www.ssllabs.com/ssltest/index.html" rel="nofollow">https://www.ssllabs.com/ssltest/index.html</a> to spot any config errors. It was this that spotted I had SSLv3 enabled. I would have been completely clueless otherwise.
Maybe once major browsers all disable RC4, my bank will finally stop using it. Or maybe they'll just sit on their hands and tell people to use IE6. I don't know. Anything is possible when they're using such a ridiculous TLS config in 2015 (only TLS 1.0, only 3DES and RC4).
This is a good move.<p>As an aside, I thought this was a funny appeal to authority:<p>> <i>SSLv3 has been obsolete for over 16 years and is so full of known problems that the IETF has decided that it must no longer be used.</i> <link to RFC 7568[0]><p>This blog post was written by Adam Langley, who is also one of the authors of RFC 7568.<p>[0] <a href="https://tools.ietf.org/html/rfc7568" rel="nofollow">https://tools.ietf.org/html/rfc7568</a>
The only mainstream browser that doesn't support TLSv1 by default is IE6, and it's been dead for quite some time.<p>(At one of my API endpoints, I'm seeing IE6 market share in the range of 0.013%. And this is in South Korea where IE market share is abnormally high to begin with, so I'm sure the numbers are even lower in most other parts of the world.)<p>So this change has more to do with API clients than browsers. Unfortunately, a lot of API clients are still written for, and run on, grossly outdated platforms. For example, Java 1.4 is as old as IE6, but one still sees it in the wild from time to time.
Requiring the Server Name Indication (SNI) extension is quite significant because, if I understand correctly, this blocks Windows XP from accessing any of the Google services with any version of Internet Explorer.
What I don't understand is how Google can be comfortable using TLS on their SMTP service given that it is vulnerable to a STARTTLS downgrade MITM attack. It's like switching from old encryption to optional encryption.
If you want to get rid of the POODLE vulnerability due to SSLv3, here's how you can solve it in Google Chrome, Firefox & IE - <a href="http://bit.ly/disable-SSLv3" rel="nofollow">http://bit.ly/disable-SSLv3</a>