APNS infrastructure changes

Apple announced yesterday that they are going to perform changes on their push notification service on October, 29th. Here is what you need to know about the upgrade operation.

The change is related to recent security issues found by Google relating to how browser negociate encryption protocol. They found that there is some way to force browsers downgrading to less secure SSLv3 (under some special circumstances).

The issues is mostly targeting browser encryption negotiation and should not have any impact on other type of connections. As such Apple Push Notification Service is likely not hit by any related security issue.

However, SSLv3 is obsolete since a long time. It is actually a 18 years old protocol. As a safety measure, Apple, like many other services, have decided to disable SSLv3 support. It will be effective on October, 29th, as announced on Apple developer site: Update to the Apple Push Notification Service.

For Boxcar Push Developers, we already got you covered and you have nothing to do. Since the announcement of the vulnerability, we completely disabled SSLv3 on all our servers. Boxcar Push infrastructure have been running since October, 14th with SSLv3 disabled. It means that the change performed by Apple will have no impact on our infrastructure.

In case you have more questions on platform security, feel free to get in touch.