Archived and Closed
This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Outdated: SSLv3 disabled today
On Tuesday Google posted details about an exploit for SSL Version 3.0. SSL is the protocol that allows secure transactions across the Internet. The exploit provides the means to create a man-in-the-middle attack capable of capturing sensitive information including cookies, passwords, and other data during transit. In response, internet services opted to turn off SSLv3 support.
How does Poodle affect Emma?
Our application makes network requests to outside services we have integrated into the Emma application, services like SurveyMonkey, Twitter, and Facebook. Some of those requests default to SSLv3. Once those outside services ceased support of SSLv3, our requests to those systems failed. This rendered the Emma editor unusable for a small number of customers on Wednesday, October 15th. Our team here worked yesterday to make the necessary changes in our application. They tested and release a fix at 1pm on October 15th. We feel confident we have resolved issues with connecting to these outside services.
How will Emma respond to Poodle?
Emma will follow suit and disable SSLv3 support in the very near future. This change does create a couple of possible impacts for our customers and integrated partners.
1) Users and customers using an older browser will not be able to interact with our application. This is very limited! We already require modern versions of major browsers to interact with our application. Any user affected by this will most likely be receiving "Update your Browser" notifications from a significant number of other services.
2) Any integrations that utilize our public API will need to ensure their connections are making requests using TLS instead of SSLv3. Currently, less than 1% of all traffic across our platform connects with SSLv3.
What is our plan?
1) Tonight at 8pm, we will turn off SSLv3 for 15 minutes as a test. This will allow us to identify any unforeseen problems in preparation to disable it permanently.
2) Assuming everything checks out, we will disable SSLv3 forever early next week.
What should you do?
For the large majority of Emma clients, you don't need to do anything. We are making the necessary changes on our end to keep up with the surrounding tech community. For a very small number of users, you will want to circle up with your web developer and confirm that any custom integrations you have with Emma are updated to use TLS instead of SSLv3.
Please feel free to post any questions here and we will be glad to assist.