The Internet Engineering Task Force (IETF) has officially deprecated SSLv3 with RFC 7568. SSLv3 was the protocol behind HTTPS, a method of encrypting communications between servers and clients.

As of 2014, however, SSLv3 is vulnerable to the POODLE attack against SSL block ciphers. POODLE allows an attacker who can control the connection between you and your ISP to potentially decrypt authentication cookies for sites like your e-mail and your web banking accounts. Such an attack could easily take place at a public WiFi hotspot where 802.11 packets are not encrypted.

SSLv3 contained weaknesses that limited its ability to secure communications. These weaknesses have been addressed in the replacement for SSL, TLS.

Websites like disablessl3.com have, for a while now, been urging system administrators to disable SSLv3 on their servers and use TLS (the more secure successor to SSL) instead. Because of its major security flaws, the death of SSLv3 wasn’t unforeseeable.

The IETF requires that SSLv3 no longer be used and that it be replaced with TLS version 1.2, a much more secure alternative.

In addition, the IETF urges browsers not to accept any connection coming from an SSLv3 “protected” server.

The RFC targets everyone using SSL 3.0, servers as well as clients:

“Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,00}.

Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,00}. Any party receiving a Hello message with the protocol version set to {03,00} MUST respond with a “protocol_version” alert message and close the connection.”
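
The rule quoted above, as an added example (not code from the RFC or from any TLS library): a check that reads the version field inside a ClientHello or ServerHello and builds the fatal “protocol_version” alert for {03,00}. The function names, the constructed sample Hello and the {03,01} record-layer version placed on the alert are assumptions of this example.

```python
import struct

SSL3 = (3, 0)                      # {03,00}, the version RFC 7568 forbids
HANDSHAKE, ALERT = 22, 21          # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 1, 2  # handshake message types
FATAL, PROTOCOL_VERSION = 2, 70    # alert level and alert description


def hello_version(record: bytes):
    """Return (major, minor) from the Hello body, or None if the record
    is not a ClientHello/ServerHello or is too short to hold a version."""
    if len(record) < 5:
        return None
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    # Handshake header is msg_type(1) + length(3); the version follows it.
    if ctype != HANDSHAKE or len(body) < 6:
        return None
    if body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    return body[4], body[5]


def alert_for(record: bytes):
    """Return the alert record to send before closing the connection,
    or None when the quoted rule does not apply to this record."""
    if hello_version(record) != SSL3:
        return None
    # Record-layer version {03,01} on the alert is this example's choice.
    return struct.pack("!BBBHBB", ALERT, 3, 1, 2, FATAL, PROTOCOL_VERSION)


def make_hello(msg_type: int, version: tuple) -> bytes:
    """Constructed sample: a Hello trimmed after an empty session_id.
    The record layer is stamped {03,00} on purpose, to show that the
    check keys on the version inside the Hello, not on the record header."""
    body = bytes(version) + bytes(32) + b"\x00"
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, 3, 0, len(hs)) + hs


if __name__ == "__main__":
    for name, ver in (("SSL 3.0", (3, 0)), ("TLS 1.2", (3, 3))):
        alert = alert_for(make_hello(CLIENT_HELLO, ver))
        print(name, "->", alert.hex() if alert else "continue handshake")
```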

This change didn’t catch system administrators by surprise. However, the implementation of TLS is not going to be an easy one, since they have to reconfigure routers, switches and servers.

Major server hosting providers like Amazon have already disabled SSLv3 and recommend using TLS instead. In addition, OpenSSL, one of the major software suites behind HTTPS, has already patched its software to withstand those vulnerabilities but also recommends using TLS.