[Snort-sigs] Snort Blog: Requiring at least TLS 1.2 for Snort.org

Joel Esler (jesler) jesler at cisco.com
Fri Apr 6 17:20:48 EDT 2018


Requiring at least TLS 1.2 for Snort.org<http://Snort.org>
Later this month, (currently planning) around April 25th, we will be forcing everyone who visits Snort.org<http://Snort.org>, either via API (oinkcode) or the website to at least negotiate at TLS version 1.2 or 1.3.

Today we do not enforce this restriction, but as we move more and more things here at Snort / Talos / ClamAV to a more secure environment, we want to make sure everyone is doing so, at the best possible encryption level.

We already enforce HTTPS for every connection to any host on the snort.org<http://snort.org> domain (to include blog.snort.org<https://blog.snort.org/> starting this week, in case you didn't notice), and all HTTP connections are now redirected to HTTPS.  This change hasn't had any negative impact (as far as we can tell), as only 7% of connections in the past month to the snort.org<http://snort.org> domain were over HTTP.

What we are concerned about, are very old installations of Snort boxes out there that haven't been updated in some time (we know they exist), not being able to connect to Snort.org<http://Snort.org> anymore.

We are assuming the majority of these to be blocked already, as they are attempting to download version "2.4.4" of the ruleset for example.

However, In an abundance of caution, and to isolate any issues that this may have, I figured I'd write this blog post just in case.

Joel Esler
Open Source, Design, Web, and Education
Talos Group
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180406/a924cfb6/attachment.html>

More information about the Snort-sigs mailing list