Earlier this week, Google Security published details of a flaw in SSL 3.0, a protocol occasionally used for encrypting HTTPS traffic.
What are we doing about it?
Due to the nature of the flaw, the only safe way to prevent it is to disable all support for the SSL protocol in HTTPS connections. Fortunately, SSL has long-since been superseded by the Transport Layer Security (TLS) protocol, which is supported by all web browsers released since 2002. Since the GoSquared website and apps do not function on browsers older than that anyway, we were comfortable disabling SSL 3.0 support on all parts of the website and API, and did so immediately.
In addition to disabling SSL 3.0 on the GoSquared website and API, we have also disabled it on all of our tracking endpoints, used to collect tracking data.
What does this mean for you?
If you are using the GoSquared apps or website, then you’re already using a recent-enough browser. You should see absolutely no change in the way you use GoSquared, and everything will continue to function as normal.
As a result of this change, however, we are officially dropping secure tracking support for browsers that do not support SSL 3.0. What this means in real-world terms is that if you are tracking a site served over HTTPS then visitors using Internet Explorer 6 and earlier will no longer be tracked by GoSquared. We have measured this traffic to account for less than 0.001% of total traffic across our network, so chances are you won’t notice anything different in data reported by GoSquared anyway.
