On October 14th, Google announced their engineers discovered a flaw in the design of SSL v3, and this vulnerability has been named “POODLE”. Whenever there is an announcement about security vulnerabilities that may affect our customers, we try and make sure that we can you the information so you can understand how these issues may affect you, and what steps we may be taking to address new vulnerabilities.
For our hosting customers, we want to let you know that we are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes we’re making – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 15 years old, but has remained in place to support users running older browsers.
Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem.
You should also take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox, to access our services–and to protect yourself and the websites you visit.
If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here:
To turn off SSLv3 support in Internet Explorer 11:
Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3” under “Security”.