Apple disabling the SSL3 support in Push Notification Service

Apple are about to disable SSL3 support in Apple Push Notification Service at Wednesday, October 29.

Developers experiencing issues with Provider Communication interface in the development environment consider immediate updating the code. After this date – Push notification using SSL3 will stop working.

Official apple notification is below

The Apple Push Notification service will be updated and changes to your servers may be required to remain compatible.

In order to protect our users against a recently discovered security issue with SSL version 3.0 the Apple Push Notification server will remove support for SSL 3.0 on Wednesday, October 29. Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected. Providers that support both TLS and SSL 3.0 will not be affected and require no changes.

To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only. Developers can immediately test in this development environment to make sure push notifications can be sent to applications.

Advertisements

POODLE Vulnerability found in all latest Checkpoint portals

checkpoint

POODLE Vulnerability found in all latest Checkpoint versions portals (Multi-Portal, GAIA WEBUI Portal, IPSO Portal, Secure Platform WEBUI, LoM card WEBUI)

In continuation to SHELLSHOCK bash vulnerability found exploitable in Checkpoint WEBUI the company is currently working on closing SSL 3 in all portals since found vulnerable for CVE-2014-3566 POODLE Bites vulnerability.

The Checkpoint sk102989 explains step by step procedure about disabling SSL 3 in all portals and howto enable IPS and HTTPS inspection protections in order to block the endpoint user browsers from successful SSL 3 negotiation in case the remote WEB site is trying to force it. The SK is being updated in mostly daily basis. There is no full solution for diskless IPSO systems can survive reboot  yet as well as pending solution for SmartPortal and LOM card WEBUI.

Of course all portals without solution provided shouldn’t be normally available from unsecured networks because designed to manage OS and hardware settings only.

All Checkpoint customers should check their publicly available portals and use the SK in order to fix. In addition it is highly recommended to disable the SSL 3 protocol on browser and network inspection gateways (UTM, Antivirus, Proxies).

There are free online tools customers can easely use in order to verify SSL 3 protocol support as well as POODLE vulnerability and configuration issues for their public portals