Clever Cloud and the POODLE battle

TL;DR:
We are disabling the support of SSLv3 in front of our platform the Friday, 24th October. CBC has already been disabled, mitigating the issue.
The secure web is not for Internet Explorer 6 anymore.

Say hello to the POODLE

POODLE is the codename of a new vulnerability disclosed by Google earlier this week. This vulnerability is not related to a specific software but to a whole protocol: SSLv3.

In few words this vulnerability gives the ability to an attacker to force a client downgrading the protocol version and the cipher suite used to talk to a secure server even if it is compatible with the most recent and secure one. After that the attacker will be able to perform a Padding Oracles attack to decipher the communication.

Does Clever Cloud POODLE?

The most efficient way to prevent this attack on the server-side is to remove the support of the SSL version 3. Removing this version will block some users like Internet Explorer 6 -which is not compatible with the newest protocol TLS- and very old devices.

Even if it is a good pretext to end the very long life of Internet Explorer 6, we prefer to check the impact on our customers before applying this update.

We are planning to disable the support of SSLv3 in front of our platform the Friday, 24th October. If you are a SSL customer and want to keep it, let us know by sending an email to our support.

Disabling SSLv3 is not the only way to mitigate this issue. After the downgrade dance, the most vulnerable cipher suite is CBC and… good news, this cipher was disabled widely on our platform earlier this year!

We are also deploying a patch to support a new cipher suite flag which tells to a server to reject any inappropriate fallback from a client.

Blog

À lire également

Deploy Brinjel on Clever Cloud

Brinjel is an open-source field management software designed for market gardeners, helping them plan seasons, track harvests, and optimize agricultural production. Created by and for market gardeners, it emphasizes an intuitive interface and features tailored to real-world needs.
Company

Simplify the management of Clever Cloud services via Kubernetes with our new operator

For the past two years, we've been enabling our customers to combine the ease of deployment of Clever Cloud with an existing Kubernetes infrastructure through an operator.
Engineering

Keycloak as a Service: identity management without the complexity

Ensuring identification and access management (IAM) in an application is a challenge that is as strategic as it is complex. But beyond the initial configuration, it is the maintenance, updates and supervision of the solution that most mobilise your teams. What if you could concentrate on your applications... while a managed solution took care of the rest?
Company