Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Google to End Support For SSLv3, RC4 Protocols in June

    By
    Jaikumar Vijayan
    -
    May 17, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Google ends support for old email protocols

      Enterprises that are still using Web servers or email servers running the long obsolete SSLv3 or RC4 cryptographic protocols have one month to update to more recent versions if they want to continue to exchange mail with Google’s mail servers.

      After June 16, 2016, Google will formally disable support for both SSLv3 and RC4 on its Secure Mail Transfer Protocol (SMTP) servers as well as on Gmail Web servers.

      As a result, “servers sending messages via SSLv3 and RC4 will no longer be able to exchange mail with Google’s SMTP servers,” the company announced this week. “Some users using older and insecure mail clients won’t be able to send mail.”

      Google first announced its plans to drop support for the two protocols last September over concerns about the many security vulnerabilities in the technologies. At the time, the company had noted that it would disable support for SSLv3 and RC4 on its front-end servers as well as on Chrome, Android, SMTP systems and all other systems.

      In announcing its decision last year to phase out support for the two protocols, Google had pointed to how SSLv3, though still relatively widely implemented in systems, had become obsolete some 16 years ago. The protocol has so many problems that even the Internet Engineering Task Force (IETF) had declared it unsafe for use, Google said at the time. Though the protocol is rarely used these days, many Websites still implement it for backward-compatibility reasons. The same problems were also true of RC4, which has increasingly become the target of malicious attacks, the company had noted.

      Google recommended a set of actions that Website owners can take to disable SSLv3 and RC4 and update to more modern Transport Layer Security (TLS) configurations. As part of its recommendations Google has also specified new minimum standards for the Transport Layer Security (TLS) protocol used by browser clients to ensure they work without problems through 2020 at least.

      Concerns over the security of the older cipher protocols have lingered for years, but bubbled to the surface in late 2014 when security researchers at Google discovered a critical vulnerability in SSLv3, which basically gave attackers a way to break the security of encrypted communications between browser clients and Web servers.

      The bug and an associated exploit, dubbed ‘POODLE‘ (Padding Oracle On Downgraded Legacy Encryption), raised widespread concerns about attackers being able to steal cookies, passwords and credentials to online accounts such as those controlling access to online bank accounts of Internet users.

      POODLE prompted the Mozilla Foundation to announce it would disable support for SSLv3 in its Firefox browser almost immediately. Even though Firefox at the time used SSLV3 for barely 3 percent of secure connections, it still amounted to millions of transactions per day, Mozilla said. Mozilla ended support for the protocol with the release of Firefox 34 in November 2015.

      Microsoft followed suit by announcing plans to disable SSLv3 by default in Internet Explorer, Azure, Office 365 and across all Microsoft online services using the protocol starting Dec. 2014.

      Jaikumar Vijayan
      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×