Hey everyone. I wanted to bring up a topic that some of you have asked us from time to time about security on Xojo Cloud.
Yesterday we applied patches to all of your servers to take care of many of the warnings and errors reported by the SSL Certificate verifiers that are used around the web. The one that we did not fix yesterday has to do with the SSLv3 protocol. The reason is that we haven't done this yet is that the ConnectionType property of SSLSocket and all of its derivatives (HTTPSecureSocket, SMTPSecureSocket, POP3SecureSocket) in Xojo framework prior to 2014r3 defaulted to using SSLv3. Flipping this switch without notice could silently break your sites.
So here's what we're going to do. We've decided that SSLv3 support is deprecated for Xojo Cloud as of now and the servers will be updated on August 1st, 2017 such that they will stop accepting SSLv3 connections altogether. If you have any client applications which interface with your web apps on Xojo Cloud, please update them so that they use at least TLSv1.