Software Development Announcement
On October 14, 2014 Google published details of a vulnerability in the design of SSL version 3.0, the details of which can be found at https://www.openssl.org/~bodo/ssl-poodle.pdf. The protocol flaw, coined POODLE (Padding Oracle On Downgraded Legacy Encryption), allows the plain text of secure connections to be calculated by a network attacker. Upon news of this protocol vulnerability, the infrastructure team at Aegis Identity Software acted quickly to disable SSL v3.0 on all our web servers that host customer supporting web applications, to include Wiki Documentation, OTRS, Artifactory, and Trident COE. During this time, Aegis Identity Software decided to go one step further and leverage a tool provided by Qualys SSL Labs (https://www.ssllabs.com/) to do a complete assessment of our SSL implementation (beyond just mitigating POODLE) across all our web servers. We are happy to report that Aegis Identity Software received an overall rating of A+ from the Qualys SSL Labs assessment. This reinforces the fact that our SSL and TLS implementations are optimally configured to provide the best security for our servers and web applications. We strongly encourage all our customers and partners to leverage the Qualys SSL Labs assessment tool to test their own SSL implementations.
Director, Software Development