In response to this, we recently added some SSLv3 queries:
Today, we're adding some additional ELSA queries to allow you to see your SSL traffic grouped by version or by cipher.
Figure: SSL - Top SSL Versions
Figure: SSL - Top SSL Ciphers
Today's update will also reconfigure Security Onion's Apache instance to no longer accept connections using SSLv3.
The new package versions are as follows:
securityonion-elsa-extras - 20131117-1ubuntu0securityonion45
securityonion-web-page - 20141015-0ubuntu0securityonion2
Issue 629: securityonion-web-page: disable SSLv3 in Apache ssl.conf
Issue 627: securityonion-web-page: separate syslog-ng into program and host queries
Issue 631: securityonion-web-page: collapse query categories by default
Issue 634: securityonion-web-page: add queries for ssl_version and ssl_cipher
Issue 633: securityonion-elsa-extras: parse ssl_version and ssl_cipher out of Bro ssl.log
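The grouping by version and by cipher that the new queries provide can also be reproduced offline from a Bro ssl.log, which is useful for spotting which clients and servers still negotiate SSLv3. This is an added example, not code from Security Onion or ELSA; the sample log is constructed, it carries only a subset of ssl.log fields (including Bro's `version` and `cipher` columns), and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in Bro's tab-separated ssl.log layout (subset of fields).
SAMPLE_SSL_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tversion\tcipher",
    "1413400000.1\tCaaa1\t10.0.0.5\t192.0.2.10\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "1413400001.2\tCaaa2\t10.0.0.7\t192.0.2.20\t443\tSSLv3\tTLS_RSA_WITH_RC4_128_SHA",
    "1413400002.3\tCaaa3\t10.0.0.8\t192.0.2.10\t443\tTLSv10\tTLS_RSA_WITH_AES_128_CBC_SHA",
    "1413400003.4\tCaaa4\t10.0.0.7\t192.0.2.21\t8443\tSSLv3\tTLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "1413400004.5\tCaaa5\t10.0.0.9\t192.0.2.30\t443\t-\t-",  # no version or cipher recorded
    "1413400005.6\tCaaa6\t10.0.0.5\t192.0.2.10\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "#close\t2014-10-15-12-00-00",
])


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def summarize(records):
    """Count connections per version and cipher; list the SSLv3 endpoints."""
    versions, ciphers, sslv3 = Counter(), Counter(), []
    for rec in records:
        version = rec.get("version", "-")
        if version == "-":  # Bro writes "-" for an unset field
            versions["(none negotiated)"] += 1
            continue
        versions[version] += 1
        ciphers[rec.get("cipher", "-")] += 1
        if version == "SSLv3":
            sslv3.append((rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"]))
    return versions, ciphers, sslv3


if __name__ == "__main__":
    versions, ciphers, sslv3 = summarize(parse_bro_log(SAMPLE_SSL_LOG))
    print("Top SSL versions:", versions.most_common())
    print("Top SSL ciphers: ", ciphers.most_common())
    for client, server, port in sslv3:
        print(f"SSLv3 still in use: {client} -> {server}:{port}")
```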
The new packages are now available in our stable repo. Please see the following page for full update instructions:
Figure: Updating with "sudo soup"
Figure: Restarting Apache with "sudo service apache2 restart"
Figure: Verifying that Apache no longer accepts SSLv3 connections
Thanks to Lee Sharp for providing the new collapsible query categories!
Thanks to Eddy Simons and David Zawdie for testing!
If you have any questions or problems, please use our security-onion mailing list:
Need commercial support? Please see:
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
We especially need help in answering support questions on the mailing list:
We also need help testing new packages: