While all of the major browser vendors have patched the Poodle SSL 3 vulnerability, the said same major browser vendors all agree that SSL 3 should no longer be used. Apple is doing its part, telling its developer partners that SSL 3 support will be removed from Apple Push Notification Server from next Wednesday.
Update to the Apple Push Notification Service
October 22, 2014
The Apple Push Notification service will be updated and changes to your servers may be required to remain compatible.
In order to protect our users against a recently discovered security issue with SSL version 3.0 the Apple Push Notification server will remove support for SSL 3.0 on Wednesday, October 29. Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected. Providers that support both TLS and SSL 3.0 will not be affected and require no changes.
To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only. Developers can immediately test in this development environment to make sure push notifications can be sent to applications.
Apple patched the Poodle SSL 3 vulnerability with the release of OS X Yosemite, as well as stand-alone patches for OS X Mountain Lion and OS X Mavericks.
Leave a Reply