Recently, a team of security experts announced a vulnerability using Padding Oracle On Downgraded Legacy Encryption or "POODLE" that allows a network attacker to extract the plain text of certain parts of a secure connection (SSL), usually cookie data. This vulnerability is a problem because it is used by both websites and web browsers; both must be reconfigured to prevent using SSL 3.0. This solution discusses Blackbaud Hosting Services' measures to ensure complete security in response to this vulnerability.
During an emergency maintenance window on October 17, Blackbaud Hosting disabled SSL 3.0 in all our environments as a precautionary measure. We have tested and confirmed that this non-impacting change will not disrupt your ability to access our environment or your hosted applications. As always, Security is at the forefront of our environment and we strive to provide a safe and secure hosting service for all of our customers.