Last night Rackspace at around 19.30 BST performed emergency security maintenance on our server infrastructure as a result of a security vulnerability found by Google with SSL 3.0 which could allow secure connections to be viewed in plain text.
This is a global vunerability discovered by Google see http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html and affects all web applications not just ours.
SSL 3.0 is over 18 years old but is still supported by a wide number of clients, however has long been superseded by TLS 1.0, 1.1 and 1.2 (we use TLS 1.2 by default) so SSL 3.0 should not be used if the client supports TLS 1.0 and above.
However if the client does not support the default protocol used by the server then the HTTPS protocol permits connections to be downgraded.
The globally accepted fix to the vulnerability is to simply switch off SSL 3.0 as Rackspace have done, which for the most part is a safe change to make however we have discovered that the Samsung C series panels only support SSL 3.0 and not the new TLS standard therefore stopping these panels connecting to Signagelive.
We are trying to implement a temporary solution for C series players so connectivity will be restored as soon as possible.
This is only be a temporary measure as we need to ensure that Signagelive is a secure as possible, therefore we are working with Samsung to determine if they can issue an emergency firmware update for the C series panels to support TLS 1.0 and above.
Unfortunately this firmware update will need to be manually applied to all C series panels by visiting the site(s) as the C series does not support remote firmware updates.
Please note that this does not affect any other client devices, or the Samsung D series which supports TLS 1.0 and 1.1
We apologise for any inconvenience that this has caused and we will provide further details as we have them, along with when we expect a firmware update to be available when we will switch off SSL 3.0 as the firmware update will need to be applied before then to ensure the panels continue to connect to Signagelive.
If you have any questions at all please get in touch with us by emailing firstname.lastname@example.org or using our live chat service.
Chief Technical Officer