Ongoing SSL Updates

In an effort to better protect our customer's data, we have been working
on updating our SSL protected services to the industries "best
practice". As of yesterday, we have ceased the use of SSLv3 on our
member services including Member Tools, Webmail, and our mail cluster.
This was to protect against a new vulnerability in the SSLv3 protocol
that has been dubbed "POODLE". More information for that may be found
here:
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ .

It is also recommended that users disable SSLv3 in their clients. Some
older clients may not be able to disable this protocol, and the only
course of action is to update to a client that supports TLS. For more
information on how to configure your clients, see the following link:

https://zmap.io/sslv3/browsers.html
 
In other SSL related news, the SHA-1 hashing algorithm is to be phased
out over the next few years. As a result of this announcement, we have
been reissuing our certificates to the SHA-2 hashing algorithm over the
last week.

Any discussion of SSL should be directed to the forums.
https://forums.sonic.net/

Kelsey, Grant, and SOC

1 comment for “Ongoing SSL Updates

  1. Why didn’t Sonic tell people about this change before making it? I couldn’t get to my mail for days, and I also couldn’t get to the forums or even to this status page.

Leave a Reply

Your email address will not be published. Required fields are marked *