At this time, Salesforce supports SSL 3.0 for customers using older browsers, and we also support all modern cryptographic protocols up to TLS 1.2. Although the vulnerability is somewhat difficult to exploit, to further protect customers, we will begin disabling SSL 3.0 to fully address this issue. Salesforce will provide customers additional details through our standard communication channels.
It's somewhat difficult for this issue to be exploited as the following conditions would need to be satisfied:
- First, a user must be using a browser with SSL 3.0 support enabled.
- From there, an attacker would need to gain control of the connection between the user’s browser and the website they are connecting to.
We appreciate your trust in us as we continue to make your success our top priority.