Disabling SSLv3 Due to POODLE Vulnerability

There have been rumors all week about a new SSL vulnerability that specifically targets the older version 3 of the SSL protocol. Google just published the full details in their POODLE report.

The vulnerability allows an attacker to use padding to circumvent the encryption provided by SSL and get at the plaintext content. Newer versions of TLS (what SSL became after version 3) are not vulnerable, and most modern browsers use the newer versions of TLS.

Based on our understanding of the POODLE vulnerability (mainly the fact that there is currently no workaround), and the fact that we have very little traffic running over SSLv3 (around .5% globally), we are disabling SSLv3 for all Fastly SSL customers, effective immediately. This will mainly affect users of Windows XP Pre-service pack 3 combined with IE version 6. If you are in this group, please upgrade to a more recent browser.

If you have any questions or concerns, please reach out to our support team by emailing support@fastly.com.

Sean Leach
Chief Product Architect
Published

1 min read

Want to continue the conversation?
Schedule time with an expert
Share this post
Sean Leach
Chief Product Architect

Sean is Chief Product Architect at Fastly, where he focuses on driving the product and technology strategy, security and network research, as well as evangelizing Fastly globally.

Ready to get started?

Get in touch or create an account.