POODLE Attack! You may have heard the recent information about the POODLE attack. Essentially this is an issue where SSL connections may revert to the known-unsafe SSLV3 protocol. There's really no fix for SSL V3, but there IS a cure that amounts to disabling the fallback to older SSL protocols such as V3. We're going to be doing two things about this:We are in the process of rolling out the recent Openssl fix that uses TLS_FALLBACK_SCSV to stop the rollback to older SSL protocolsWe are in the process of setting up to make our SSL servers no longer accept EITHER SSL2 or SSL3 as protocols. This is really the right thing to do, but it WILL mean that people using browsers that do not understand recent secure connection protocols will be in trouble. This specifically includes old versions of IE. The upshot of this is that once this is completed, people on Windows XP will no longer be able to make secure connections to our servers (with IE). We see this as a minor issue compared to the possibility of compromised security. We are NOT doing this step in the near future, but will be doing it as a normal consequence of a larger operating system upgrade some time in the next few months.More details on POODLE below the fold: Read more about POODLE Attack!