SSLv3 Vulnerability

To those of you not aware, Google’s researchers have identified a flaw with SSLv3 (Secure Sockets Layer, version 3). The vulnerability, aka POODLE, enables remote attackers to decrypt communications using SSLv3. SSLv3 was replaced by Transport Layer Security (TLS) 15 years ago, which means this flaw shouldn’t affect many people. Unfortunately because of the way that TLS has been implemented, some are still vulnerable.

It is recommended that everyone disable SSLv3 for their own security, both in web browsers and other applications where it isn’t strictly needed. Similarly we recommend server operators to disable SSLv3 on their services that do not strictly require it. Here is a link that explains solutions for a number of services (Google Chrome, Firefox and others): http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566/537197#537197. Note disabling SSLv3 support on your server will mean that users visiting your site using old web browsers will no longer be able to connect, although most browsers since IE6 should be ok.

We have taken the necessary steps to secure our systems. The recommendations above are steps our clients will need to take in order to secure your systems. If you have questions please feel free to contact our support teams.