LEAP logo

LEAP Encryption Access Project

Poodle hot-fix

As you may have heard, there is a new dog in town, and it is a Poodle. Poodle (Padding Oracle On Downgraded Legacy Encryption) is the name for a severe flaw in the SSLv3 protocol, which can be exploited to force connections to reveal plain-text. The Poodle announcement brought with it the death of the SSLv3 protocol, and none too soon.

In order to respond to this issue, we've made an important security fix release for the Platform. This release simply disables the SSLv3 protocol (as well as deactivates the weak RC4 cipher).

To apply this update, simply update the Leap Platform master branch (or checkout the signed 0.5.5 tag), and deploy to the webapp node.