Google to Soon Kill SSLv3, RC4 Support in Gmail

Starting on June 16, 2016, the old SSLv3 and RC4 security protocols will no longer be supported on Google’s SMTP servers and on Gmail’s web servers.

Given the insecure status of both SSLv3 and RC4, Google announced in September last year that it would kill both protocols in its products. On Monday, the company revealed that it is removing support for the two standards in Google SMTP servers and Gmail web servers in 30 days.

Defined in 1996, Secure Sockets Layer (SSL) 3.0 was deemed insecure in 2014, because of thePOODLE attack that affects all block ciphers in SSL. Given that the protocol is considered obsolete, the industry is transitioning to the more secure Transport Layer Security (TLS) protocol, currently at version 1.3, which is still a working draft. TLS, however, is also vulnerable to POODLE, researchers believe.

Read More Securityweek