The end of SSL 3.0
Dec 10th, 2014
With the recent discovery of SSL 3.0 security flaw, better known as POODLE flaw and a couple of other security flaws found in the OpenSSL, we will be removing SSL 3.0 support from OE Classic completely. Of course, younger and more secure protocols TLS 1.0, TLS 1.1 and TLS 1.2 will still be supported as well as the upcoming TLS 1.3 protocol.
Even though there are likely some users who still might use SSL 3.0 to connect to their servers, we believe that it is for the best that such support is disabled completely. SSL 3.0 is a protocol from 1996 and most servers today use TLS 1.0 which is a direct replacement for it, a security protocol from 1999.
OE Classic also supports more recent TLS 1.1 and 1.2 for servers which support it.
The fixes to POODLE flaw, and disabled SSL 3.0 support will be released in the final update of version 2.2 (and future versions).
Even though this security flaw is mostly of concern to web browsers (you should upgrade your web browser to the latest version!), we prefer to stay on the safe side as user security is one of the primary concerns with the development of OE Classic.