So another day, another web security vulnerability. Once again a problem on the internet has prompted me to fix something on my home server, in this case the SSLv3 vulnerabilty that has been given the name "POODLE" (seriously who comes up with these names) and it has reminded me that the SSL settings on my server are woefully inadequate.
Given my site is just a personal site I figure there is no real reason to stay with SSLv3 as I don't much care about IE6 users. In fact, the stuff I use it for supports TLSv1.2 so I may as well stick to that, and the older protocols be damned. This does break a large number of older, and mobile clients. But that is their problem.
It's also a good time to play with different cipher suite orders. So I've removed all but those that support forward secrecy (again, this will break stuff, but not the stuff I use so I don't much care).
Obviously the choices I have made here are made in the absence of any pragmatic need to support legacy systems, but that is the beauty of having a personal site rather than a commercial one.