Google to End Support For SSLv3, RC4 Protocols in June
Enterprises that are still using Web servers or email servers running the long obsolete SSLv3 or RC4 cryptographic protocols have one month to update to more recent versions if they want to continue to exchange mail with Google's mail servers.
After June 16, 2016, Google will formally disable support for both SSLv3 and RC4 on its Secure Mail Transfer Protocol (SMTP) servers as well as on Gmail Web servers.
As a result, "servers sending messages via SSLv3 and RC4 will no longer be able to exchange mail with Google's SMTP servers," the company announced this week. "Some users using older and insecure mail clients won't be able to send mail."
Google first announced its plans to drop support for the two protocols last September over concerns about the many security vulnerabilities in the technologies. At the time, the company had noted that it would disable support for SSLv3 and RC4 on its front-end servers as well as on Chrome, Android, SMTP systems and all other systems.
Cipher protocols have been obsolete for a long time and have too many vulnerabilities, according to Google.
In announcing its decision last year to phase out support for the two protocols, Google had pointed to how SSLv3, though still relatively widely implemented in systems, had become obsolete some 16 years ago. The protocol has so many problems that even the Internet Engineering Task Force (IETF) had declared it unsafe for use, Google said at the time. Though the protocol is rarely used these days, many Websites still implement it for backward-compatibility reasons. The same problems were also true of RC4, which has increasingly become the target of malicious attacks, the company had noted.