POODLE SSL Vulnerability

We are aware of the recently announced vulnerability in SSL called POODLE. This vulnerability affects a very small percentage of traffic on our systems.

You can read more about this vulnerability at the following links:

https://isc.sans.edu/diary/OpenSSL%3A+SSLv3+POODLE+Vulnerability+Official+Release/18827
https://www.openssl.org/~bodo/ssl-poodle.pdf

The “fix” for this issue is to disable SSLv3 on servers and/or clients that utilize it. Fortunately, it is in use in a very small percentage of traffic and is not likely to hinder traffic to sites we host in any significant capacity.

The recommended solution to this problem will make clients using Internet Explorer 6 running on Windows XP or older recieve an SSL error.

Currently, this fix will also break the Pingdom monitoring service SSL check. Pingdom is aware of this issue and is making the appropriate changes to their systems.

We are aware of the inconvenience this may cause, but we believe that this is the right thing to do.

You can see larger providers implement similar policies here.

https://chargify.com/blog/dropping-sslv3/
https://blog.cloudflare.com/sslv3-support-disabled-by-default-due-to-vulnerability/

If you have any questions or concerns, please contact our help desk by submitting a ticket from https://my.pressable.com.