SSL 3.0 disabled as on End of day 15, October 2014

Encryption in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode. RC4 is well known to have biases [RC4­biases], meaning that if the same secret (such as a password or HTTP cookie) is sent over many connections and thus encrypted with many RC4 streams, more and more information about it will leak. This leaves us with no secure SSL 3.0 cipher suites at all. To achieve secure encryption, SSL 3.0 must be avoided entirely. More details on this can be found here. https://www.openssl.org/~bodo/ssl-poodle.pdf

 SSL 3.0 is nearly 18 years old and most servers & clients are already using most recent standards like TLS 1.0 (or above). We have disabled SSL 3.0 today across www.cloudforge.com siting the above mentioned security issue. Most clients should automatically work and switch to TLS (if they were using SSL 3.0 earlier). If you have any difficulties in accessing the CloudForge services, please update your client or check client documentation for configuring TLS standard.

Have more questions? Submit a request

0 Comments

Article is closed for comments.