SSL Security and Xojo Cloud

  1. last week

    Greg O

    Mar 17 Xojo Inc Somewhere near Raleigh, NC

    Hey everyone. I wanted to bring up a topic that some of you have asked us from time to time about security on Xojo Cloud.

    Yesterday we applied patches to all of your servers to take care of many of the warnings and errors reported by the SSL Certificate verifiers that are used around the web. The one that we did not fix yesterday has to do with the SSLv3 protocol. The reason is that we haven't done this yet is that the ConnectionType property of SSLSocket and all of its derivatives (HTTPSecureSocket, SMTPSecureSocket, POP3SecureSocket) in Xojo framework prior to 2014r3 defaulted to using SSLv3. Flipping this switch without notice could silently break your sites.

    So here's what we're going to do. We've decided that SSLv3 support is deprecated for Xojo Cloud as of now and the servers will be updated on August 1st, 2017 such that they will stop accepting SSLv3 connections altogether. If you have any client applications which interface with your web apps on Xojo Cloud, please update them so that they use at least TLSv1.

  2. Tomas J

    Mar 17 Pre-Release Testers, Xojo Pro Europe (Germany)

    good move

  3. 10 hours ago

    Tony B

    10 hours ago Pre-Release Testers, Xojo Pro Sydney, Australia

    Excellent Greg. very timely and good.

    Regards,
    Tony Barry

or Sign Up to reply!