SSL3

[Atinux]

Just for information:

We are scheduling a change to the Pusher system which may affect your integration.

CHANGE DESCRIPTION

In response to CVE-2014-3566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566) we will be removing support for SSLv3 from our REST API endpoints. After this change takes place, clients connection to the REST API will need to support TLS1.0 or above.

CHANGE WINDOW

The change will be applied between 2014-12-01 08:00 and 2014-12-01 16:00 UTC

ACTION REQUIRED

If you do not use SSL when connecting to the REST API then you need not take any action.

If you do connect over SSL, please ensure that you client supports at least TLS1.0.

In order to help test if your clients have the appropriate support or not, we have provisioned temporary REST API endpoints which match the SSL setup you will see in production after this change. If you wish to test your client, you may configure it to connect to:

• api-ssl3test.pusherapp.com if you use the default Pusher cluster
• api-eu-ssl3test.pusher.com if you use the EU cluster

If you are using a client library, please consult the documentation for how to alter the endpoint.

Notes on these endpoints:

• they DO NOT support plain HTTP, only secure connections are supported.
• they DO route to the regular REST API. Requests you make through this endpoint will be executed in the production environment.
• they WILL NOT exist after the change window outlined above. Please do not deploy this change of endpoint to any production environment. The endpoint is provided for testing only.

If you have any concerns about the above, please get in touch with our support team.

Regards, Pusher Change Management

[alexwhitman]

That's for Pusher not PushBullet, right?

[Atinux]

Oh damn, sorry!