Seriously, verify your systems after an update. Only continuous monitoring of security features will make sure you don't expose people to insecure systems over time.

This morning I had to notice that my traefik setup decided to downgrade its defaults to SSLv3 due to a bug in the go TLS library.

So yeah, if you run anything server-side that provides TLS and is build with go 1.12.x you might want to verify it.


And also a follow up on my traefik story, where an upgrade of the go version dropped the defaults for TLS connections down to SSLv3, instead of TLS1.0.

The wonderful team around traefik solved the problem and released a new version within 2 days:

That's how things should work!

Sign in to participate in the conversation
Sheogorath's Microblog

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!