A recently announced vulnerability in SSLv3.0, dubbed POODLE, may allow attackers to see encrypted traffic in plaintext. In response to this vulnerability, Website Pipeline has disabled SSLv3.0.
Modern browsers are not affected by this change as they default to more modern encryption protocols. Internet Explorer 6 users may need to enable support for TLS1.0 to access secure sites. Internet Explorer 6 accounts for less than 1% of traffic across all Website Pipeline networks, so the likelihood of negative impact to your customers is minimal.
For full technical details about the vulnerability, please see Google’s paper on the vulnerability.
The image below shows how to enable TLS1.0 in IE6.
If you have any questions regarding this vulnerability or Website Pipeline's response to the vulnerability, please submit a ticket to our Extranet, and your Technical Account Manager or Project Manager will assist you.
