- October 16th, 2014 1114
We’ve had many customers contact us and ask about the recent POODLE SSL exploit going around the Internet over the past day or so and we would like to comment publicly about our customer’s private data and its safety / security here with us. ASPnix’s corporate servers such as aspnix.com, billing.aspnix.com, panel.aspnix.com and tspanel.aspnix.com are not vulnerable to the POODLE SSL exploit.
All of our corporate servers have SSL 3.0 disabled and have had it disabled for some time now. Our servers also have the older RC4 ciphers disabled as well as older hashes such as MD5 disabled. All of our corporate systems also support Forward Secrecy and Strict Transport Security (HSTS). We take our customer’s private data seriously which is why we strive to disable older out-of-date technologies and protocols before they are opened to exploits such as SSL 3.0 and RC4.
You can view our billing system’s SSL report / rating https://www.ssllabs.com/ssltest/analyze.html?d=billing.aspnix.com here.
As for client shared-SSL and client web servers, we are working to secure them, we’ve not disabled SSL 3.0 on shared-SSL due to the issues of blocking out older browsers such as IE 6 on Windows XP, we felt it was not right at the time to disallow certain browsers from accessing a client’s website. However, in light of the recent heightened attacks against SSL we feel it is now time to disable SSL 3.0 and older ciphers globally on all of our systems. We will notify all clients before this change takes place so that you and your visitors are not caught off guard.
If you have any questions or concerns, please contact our support department and we will be happy to address them!
Thank you for choosing ASPnix as your web hosting provider!