In an effort to better protect our customer's data, we have been working on updating our SSL protected services to the industries "best practice". As of yesterday, we have ceased the use of SSLv3 on our member services including Member Tools, Webmail, and our mail cluster. This was to protect against a new vulnerability in the SSLv3 protocol that has been dubbed "POODLE". More information for that may be found here: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ . It is also recommended that users disable SSLv3 in their clients. Some older clients may not be able to disable this protocol, and the only course of action is to update to a client that supports TLS. For more information on how to configure your clients, see the following link: https://zmap.io/sslv3/browsers.html In other SSL related news, the SHA-1 hashing algorithm is to be phased out over the next few years. As a result of this announcement, we have been reissuing our certificates to the SHA-2 hashing algorithm over the last week. Any discussion of SSL should be directed to the forums. https://forums.sonic.net/ Kelsey, Grant, and SOC
Why didn’t Sonic tell people about this change before making it? I couldn’t get to my mail for days, and I also couldn’t get to the forums or even to this status page.