If you don't find an answer, please click here to post your question.
Posts: 1,380
Topics: 178
Kudos: 108
Blog Posts: 78
Ideas: 3
Solutions: 39
Registered: ‎08-20-2012

Ooyala Security Update - Vulnerability in SSLv3 2.0 & 3.0

[ Edited ]



Dear Ooyala Customer,


As you may have heard, Google recently disclosed a significant vulnerability in an old browser-to-server encryption technology called SSL v3.  This is a sufficiently significant vulnerability that most cloud providers - including all the Tier One CDNs, Ooyala, and others - are swiftly moving to disable this technology.


For most of your viewers, there will be no impact: the only major browser still using SSL v3 is Internet Explorer 6, which was released 13 years ago. The industry estimates that only about 0.5% of Web traffic will be impacted by the disablement of SSL v3.


As part of this security operation, Ooyala, along with most other major cloud providers, is also requiring the use of Server Name Indication (SNI) in conjunction with most secure communications. This may have an impact on some customer API integrations, as SNI support may not be present in older coding languages and frameworks.  It may extend the list of browsers impacted, if only marginally.


We strongly recommend you verify that any API integrations are able to interact in an SNI-enabled environment.  For reference, following is the list of updated Ooyala services:



With the disablement of SSL v3, a significant vulnerability has been closed.  The vast majority of viewers, and customer applications, will continue to operate as normal.  Should your viewers, or your applications, have any issues, however, please do not hesitate to reach out to your Customer Success Manager or Ooyala Tech Support.



Ooyala Team

Please show your appreciation to others. If someone helps you, don't forget to give them Kudos by clicking the star button next to their post. If a post answers your question, please mark it as an "Accepted Solution."

Check out our latest Ooyala Engineering Blog!