Rackspace is tracking an industry-wide security issue broadly referred to as “POODLE,” (Padding Oracle On Downgraded Legacy Encryption) (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566). This is a vulnerability affecting the SSLv3 protocol, and a number of Rackspace customers may be impacted. At this time, we are not aware of any attacks attempting to leverage the vulnerability, but we’re closely monitoring the situation.
Imagine you have been asked to deploy OpenStack with public facing API endpoints. Your major requirement is to ensure that any service facing the public must be wrapped in SSL to protect user credentials and transactions between the user and the cloud. Unfortunately, you don’t have access to any hardware to terminate the SSL connection and your budget is fairly small.