We've known since POODLE that SSL is broken beyond repair.
From http://www.us-cert.gov/ncas/alerts/TA14-290A
Don't use SSL.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012
From http://www.us-cert.gov/ncas/alerts/TA14-290A
United States Computer Emergency Readiness Team Wrote:There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol
Don't use SSL.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."
- Michael Ignatieff, addressing Stanford University in 2012