SSL Protocol 3.0 Vulnerability (aka The ‘POODLE’ Issue)

Rackspace is tracking an industry-wide security issue broadly referred to as “POODLE” (Padding Oracle On Downgraded Legacy Encryption), tracked as CVE-2014-3566 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566). This is a vulnerability affecting the SSLv3 protocol, and a number of Rackspace customers may be impacted. At this time, we are not aware of any attacks attempting to leverage the vulnerability, but we’re closely monitoring the situation.

Rackspace is taking all relevant actions to protect our infrastructure, and we are encouraging our customers to do the same. We recommend that our customers disable SSLv3 at both the server and client layers. Please note, doing so can create compatibility impacts for legacy infrastructure and user experience. For example, disabling SSLv3 on the server side may cause usability impacts for site visitors using Internet Explorer 6 running on Windows XP. We strongly suggest that you conduct thorough testing to ensure continued operability.
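One way to check the server-side half of that recommendation is to scan web server configuration for directives that still leave SSLv3 enabled. The script below is an added example, not Rackspace's own tooling; it assumes the Apache mod_ssl `SSLProtocol` and nginx `ssl_protocols` directives, treats Apache's `all` as including SSLv3, and runs on a constructed sample.

```python
# Assumption: what Apache's 'all' expands to on builds that still ship SSLv3.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_enables_sslv3(args):
    """Apply SSLProtocol tokens left to right; True if SSLv3 ends up enabled.
    A bare token is treated like '+', a conservative choice for an audit."""
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else "+"
        name = tok.lstrip("+-").lower()
        names = ALL if name == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return "sslv3" in enabled

def nginx_enables_sslv3(args):
    """ssl_protocols is a plain list: SSLv3 is on only if it is named."""
    return "sslv3" in args.lower().split()

DIRECTIVES = {"sslprotocol": apache_enables_sslv3,
              "ssl_protocols": nginx_enables_sslv3}

def find_sslv3(config_text):
    """Return (line_number, line) for each directive that leaves SSLv3 enabled.
    Only explicit directives are judged; built-in defaults are not modelled."""
    hits = []
    for num, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";")  # drop comment and ';'
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            if DIRECTIVES[parts[0].lower()](parts[1]):
                hits.append((num, raw.strip()))
    return hits

# Constructed sample; Apache and nginx lines are mixed only for brevity.
SAMPLE = """\
# constructed sample configuration
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # SSLv3 removed
"""

if __name__ == "__main__":
    for num, text in find_sslv3(SAMPLE):
        print(f"line {num}: SSLv3 still enabled: {text}")
```

A clean result covers only the directives the script finds; a server with no explicit directive falls back to its version's default, which has to be checked separately.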

If you have any further questions or need any assistance, please contact a member of your Fanatical Support team.

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at blog@rackspace.com.
