This message popped into my inbox late yesterday.
Image may be NSFW.
Clik here to view.
The survey in question contains the following questions.
Image may be NSFW.
Clik here to view.
All of my clients have gotten rid of SSL on their public facing Web sites.
The dilemma we have is that while SSL is dead, it is baked into so many products and appliances. My clients are therefore stuck with appliances and software products that have SSL hard coded into them. As a result, they will be dependent on their vendors to convert to TLS.
That said, what is the risk of using SSL internally? Not a good practice, but truthfully, what is the risk?
In my opinion, using SSL internally for the next 12 to 24 months would not be the end of the world as long as it does not become a significant attack vector.
It will be interesting to hear the results of this survey.
Image may be NSFW.
Clik here to view.
Image may be NSFW.Clik here to view.
