Hi All, Due to the recently announced POODLE issue (https://support.globus.org/entries/101814643), we are planning to disable SSLv3 support in Globus Toolkit components. All users maintaining GT installations older than 5.2 will need to upgrade to remain compatible with GT services that disable SSLv3 by July 1, 2015.
There is no immediate threat, so we can proceed with a priority on limiting the impact of incompatibility for end users. (Now) The Globus team’s recommendation is for the entire ecosystem to upgrade to a supported release, either GT 6.0 or 5.2, both of which support TLS. This will allow a transition period where clients and services will be able to communicate with either TLS or SSLv3, with newer clients and services choosing TLS by default. We DO NOT recommend disabling SSLv3 for ANY installations during this transition time as it will cause incompatibility with older clients and services that haven’t completed the transition. On January 1, 2015, we will begin the transition to configure Globus Toolkit clients and services as TLS-only by disabling SSLv3. We will provide documentation on how to update services to do so. On July 1, 2015, we will update our security packages to disable SSLv3 and require TLS for all secure communication. Note: Maintainers of non-GT clients and servers that are part of a community’s ecosystem should ensure their software can operate in the upcoming TLS-only environment. Note: We will provide an update to the GRAM client remove use of SSLv3 prior to the transition period. -Globus Dev Team
