Today, Google announced a vulnerability in the implementation of the SSL 3.0 protocol, potentially compromising secure connections online. DigiCert and other security experts are recommending system administrators disable SSL 3.0 on their servers and use TLS 1.1 or 1.2.

This vulnerability does not affect SSL Certificates. There is no need to renew, reissue, or reinstall any certificates.

DigiCert DOES NOT have SSL 3.0 enabled on its website or online services and is not vulnerable to the exploit.

SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and...will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. - Google Security Blog

What Should I Do?

You can use DigiCert's free tools Certificate Inspector and the SSL Installation Diagnostics Tool to check if SSL 3.0 is enabled on your servers.

For servers that have SSL 3.0 enabled, DigiCert and other security experts are recommending that you disable SSL 3.0 and use at least TLS 1.0, preferably TLS 1.1 or 1.2. Most modern browsers will support TLS 1.1 and 1.2.

Instructions to disable SSL 3.0:

• IIS
• Apache
• Nginx

If you use a hosting provider, we recommend that you call your provider and request that they disable SSL 3.0 on your server.

To protect yourself while on sites that still have SSL 3.0 enabled, you can disable SSL 3.0 client-side in your own browser. See our instructions disabling SSL 3.0 in Internet Explorer, Firefox, and Chrome.

Servers that do not have SSL 3.0 enabled are unaffected.

DigiCert is taking swift action to notify our customers and other community members of the vulnerability, and inform them of the recommended courses of action.