ContactOffice disabled SSLv3 websupport in response to the Poodle

More about Poodle
You might have heard that Google discovered a 15 year old flaw in SSL 3.0, a security protocol that turns out isn’t quite as secure as originally thought SSL 3.0 could let remote attackers highjack Web browser sessions and gain access to personal data, like Web-based email.

The flaw takes advantage of a browser’s ability to fall back from the more secure TLS protocol to SSL where attackers can then gain access to session cookies on victim’s computers.
In addition Poodle SSL 3.0 flaw could give attackers access to browser session cookies.
TLS and SSL are protocols that let your computer create encrypted connections with servers. SSL was thought for a long time to be very secure, but over the past few months has proven to be vulnerable to attacks that show its encryption isn’t all that safe.

No more support for SSL 3.0

ContactOffice therefore decided to disable SSL 3.0 support for our web servers. We do realise this creates big security compatibility issues for older Web browsers without TLS support.

What should you do?

Most of the responsibility for addressing Poodle falls on our shoulders or the shoulders of your IT team in case you host ContactOffice on your own infrastructure.

However, This doesn’t mean there isn’t anything end users should do:

  • First, make sure you’re using a modern Web browser that supports secure TLS connections, and not something like Internet Explorer 6.
  • Second, watch for browser updates that disable SSL support.

You may also like...