Support for Encrypted Communication

2 minutes read

Support for Encrypted Communication

CM is supporting encrypted communications to protect connections and data between CM’s platform and your web application.

On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, called POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

Vulnerabilities in certain SSL certificates and connections force companies worldwide to apply security patches and to disable certain connections, like version 3 of Secure Sockets Layer (SSLv3).

One of the solutions includes disabling SSLv3. Unfortunately, there is no patch for this to install. The only action that solves the problem is disabling SSLv3 in every application that uses it.

Impact of Disabling SSLv3

There’s little impact for most people and businesses in disabling SSLv3 because they are not relying on SSLv3 to make connections via SSL/TLS. The large majority relies on TLS.

In some cases it may however affect companies and organisations that are still relying on SSLv3. There is a way to detect whether your company relies on SSLv3. Check this link to view specifications on detecting if you are using SSLv3.

Applying security patches or disabling SSLv3 may lead to lost connections, but actions should be taken to ensure that you are not vulnerable in your roles as both a client and a server. Since encryption is usually negotiated between clients and servers, it is an issue that involves both parties.

Servers and clients should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fullback option. This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.

Continuing process of securing protocols 

Although updating and patching the old software might be a hassle, it is wise to verify whether encryption protocols and techniques have been out-dated or not. Securing these protocols and techniques is continuing process and part of daily returning security measurements and improvements.

CM’s support team is pro-actively involved in this matter. If you experience any issues regarding these vulnerabilities, please do not hesitate to contact our service & support team.

Our service team is 24 hours a day present for answering your questions. They continuously monitor the systems and (inter)national connections, so your SMS & Push messages can always be delivered.

go to security sector

Enjoyed this article? Please share the news!

Continue reading

Next Africa's innovation out of necessity, the gold of today is mobile
Previous By 2020, 90% of world’s population aged over 6 will have a mobile phone
Back To news overview

Related articles

Today CM takes the next step in platform high availability
CM takes next step in platform high availability
CM Telecom co-founder new MEF program to tackle fraud in messaging
Stop investing in Apps! Invest in Business Messaging
CEO CM in Deloitte’s Mid Market Monitor 2013-07-22

About the author

Charlotte van Raak is content marketer and makes sure our readers always have interesting blogs to read about how to engage with customers. During the day, she answers 1K questions in her role as communications advisor. At night she preferably sleeps.

Connect with Charlotte on