Jouke Waleson on December 8, 2014
As a general security precaution, Mendix will be shutting down the legacy SSL 3.0 protocol on our platform and for all Mendix-hosted environments. This will happen on Thursday, December 18th, 2014. We see that less than 0.1% of all requests through our HTTP routing layer still use SSL 3.0; the others use the more secure successor TLS 1.x. Because the usage is so low and TLS support has been generally available for all platforms for a long time, now is the right time to turn off SSL 3.0.
Please note that this does not mean your application traffic is vulnerable to the POODLE exploit released a few weeks ago, as we don’t use any of the vulnerable cipher suites in SSL 3.0.
We have notified Technical Contacts of apps where SSL 3.0 is still used via e-mail. In case you missed that communication, you are advised to turn on TLS and disable SSL in your browsers. To do so, please follow this guide.
Receive Mendix platform tips, tricks, and other resources straight to your inbox every two weeks.