Security Announcement: Scalr Discontinues Support for SSLv3

October 15, 2014 Thomas Orozco

On October 14th, a team of security researchers from Google announced a new attack on SSLv3: POODLE (CVE­ 2014-­3566), which compromises the secrecy of communications secured using SSLv3, one of the technologies that enable clients and servers to establish an encrypted connection over the internet (e.g. an HTTPS session).

What you need to know

Due to numerous faults in the specification, SSLv3 has been deprecated for a while, but it remained in use across the internet for compatibility with very old clients. Note that this does not mean clients are actively using SSLv3 to talk to e.g. Scalr (TLS, SSL’s successor is used in overwhelming majority of connections). All it means is that SSLv3 is available if they choose to (which they seldom do).

However, in order to ensure the security of our customers, POODLE marks the end of the road for SSLv3 at Scalr, as we are disabling support for it across our servers. This means that clients will now be required to use TLS to talk to Scalr.

What you need to do

As a user, it is unlikely that you’ll be affected. Your clients will continue using TLS to talk to Scalr like they did before we removed support for SSLv3 (like it should). If you do get in trouble, you’ll need to update your clients to something more recent  (for example, TLS has been available in OpenSSL for upwards of 15 years).

Note that if you are using Scalr to deploy HTTPS web servers, you will likely want to make the same change to preserve the security of your users.

Previous Article
Reaching for the Stars: JPL Selects Scalr for Cloud Management
Reaching for the Stars: JPL Selects Scalr for Cloud Management

We are excited to announce today that NASA’s Jet Propulsion Laboratory has contracted with Scalr to use o...

Next Article
Application Cloud Readiness Checklist
Application Cloud Readiness Checklist

Cloud readiness assessment checklist “Is this app ready to be deployed to cloud?” If your organization i...

×

Join thousands of Cloud professionals on the Scalr Newsletter

Thank you!
Error - something went wrong!