Google to Soon Kill SSLv3, RC4 Support in Gmail

  • 17 May 2016
  • 1 reply
  • 102 views

Userlevel 7
Badge +54
By SecurityWeek News on May 17, 2016 Starting on June 16, 2016, the old SSLv3 and RC4 security protocols will no longer be supported on Google’s SMTP servers and on Gmail’s web servers.
 
Given the insecure status of both SSLv3 and RC4, Google announced in September last year that it would kill both protocols in its products. On Monday, the company revealed that it is removing support for the two standards in Google SMTP servers and Gmail web servers in 30 days.
 
Defined in 1996, Secure Sockets Layer (SSL) 3.0 was deemed insecure in 2014, because of the POODLE attack that affects all block ciphers in SSL. Given that the protocol is considered obsolete, the industry is transitioning to the more secure Transport Layer Security (TLS) protocol, currently at version 1.3, which is still a working draft. TLS, however, is also vulnerable to POODLE, researchers believe.
 
Full Article

1 reply

Userlevel 7
Seems to be about time although I suspect that some would argue that it is a well overdue move.

Reply