Mailfence Blog

Mailfence Blog. Get the latest news about secure email and Internet privacy.

Mailfence disabled websupport for SSLv3 in response to the Poodle

by · Published · Updated

Mailfence - Secure and private email serviceMore about Poodle
You might have heard that Google discovered a 15 year old flaw in SSL 3.0, a security protocol that turns out isn’t quite as secure as originally thought SSL 3.0 could let remote attackers highjack Web browser sessions and gain access to personal data, like Web-based email.
The flaw takes advantage of a browser’s ability to fall back from the more secure TLS protocol to SSL where attackers can then gain access to session cookies on victim’s computers.
In addition Poodle SSLv3 flaw could give attackers access to browser session cookies.
TLS and SSL are protocols that let your computer create encrypted connections with servers. SSL was thought for a long time to be very secure, but over the past few months has proven to be vulnerable to attacks that show its encryption isn’t all that safe.
No more support for SSL v3
Mailfence therefore disabled websupport for SSLv3 support for our web servers. We do realise this creates big security compatibility issues for older Web browsers without TLS -websupport-support.

What should you do?

Most of the responsibility for addressing Poodle falls on our shoulders or the shoulders.

However, This doesn’t mean there isn’t anything end users should do:

  • First, make sure you’re using a modern Web browser that supports secure TLS connections, and not something like Internet Explorer 6.
  • Second, watch for browser updates that disable SSL support.
Get your secure email

Mailfence is a secure and private email-suite.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

You may also like...