Print this page


Knowledge Article Number 000205851

IMPORTANT UPDATE: Visit our Help Documentation for updated information regarding this issue.

At Salesforce, trust is our #1 value and we take the protection of our customers' data very seriously. On October 15, Google researchers published details on a security vulnerability (CVE-2014-3566) that affects the Secure Socket Layer (SSL) version 3 protocol, also known as “POODLE,” which may allow a man-in-the-middle attack to extract data from secure HTTP connections.


At this time, Salesforce supports SSL 3.0 for customers using older browsers, and we also support all modern cryptographic protocols up to TLS 1.2. Although the vulnerability is somewhat difficult to exploit, to further protect customers, we will begin disabling SSL 3.0 to fully address this issue. Salesforce will provide customers additional details through our standard communication channels.


It's somewhat difficult for this issue to be exploited as the following conditions would need to be satisfied:

  • First, a user must be using a browser with SSL 3.0 support enabled.
  • From there, an attacker would need to gain control of the connection between the user’s browser and the website they are connecting to.

We appreciate your trust in us as we continue to make your success our top priority. 

promote demote