My title pretty much sums it up. If I have:
A server with the SSLv3 protocol disabled BUT still have SSLv3 ciphers enabled.
Would that mean that a protocol downgrade attack can still occur?
No, the vulnerability is in the protocol. The suites are fine enough for now when used with TLS 1.0+.
Thanks Ivan - and thanks for the email notification as well!
Retrieving data ...