Help & Support
Follow

"Poodle" and LeanKit

On Tuesday, October 14, 2014, Google researchers published details of a vulnerability targeting version 3 of the SSL protocol (SSLv3), a widely used but older specification for securing web traffic over the Internet. Because of the nature of this vulnerability and the potential impact it could have on our customers, we have disabled the use of the SSLv3 protocol.

Overview of the vulnerability: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

This means that browsers, mobile devices, integrations, and other clients will be able to connect securely using only TLS 1.0, 1.1, or 1.2. SSLv3 is no longer available, and SSLv2 has been disabled for some time.

Most modern clients and web browsers will already have enabled support for TLS -- these users are unlikely to notice any change. Older clients may or may not support TLS, and if they do, they may not have this protocol enabled.

If you are experiencing problems accessing the LeanKit application, please check the following available resource listing of common clients to see if you’re affected: https://www.ssllabs.com/ssltest/clients.html

If you are affected, please refer to your particular software’s documentation to determine whether it supports TLS and how to enable it.

The potential risk of continuing to use SSLv3 is the compelling driver for implementing this change quickly. Please contact LeanKit support by email at support@leankit.com if you have questions.

Have more questions? Submit a request