Recently the discussions regarding the Poodle vulnerability have been focused around it's impact on Ping Identity's solutions when they act as servers. There are however a number of use cases where solutions such as PingFederate act as clients. These include protocol based use cases such as SAML artifact resolution, SCIM provisioning, OAuth and OIDC, as well as service specific integrations. One of the more common of these use cases is Salesforce provisioning and delegated authentication.
If you are a Salesforce customer you may have already received a communication from Salesforce about their plans to mitigate the Poodle vulnerability by disabling SSL 3.0 encryption over the next 2 months. This change impacts the cryptographic protocols that Salesforce accepts with regards to connections from web browsers and software integrations using their APIs.
Our Engineering team is evaluating potential impacts of this change on our Salesforce solutions. Given Salesforce's aggressive timeline for this change, our goal is to quickly provide our customers the most accurate and complete information they need to understand how this change impacts Ping Identity solutions and what mitigation steps may be required, if any.
Please watch this space for more information as it becomes available.