QVSource SSL Issue And Fix

Yesterday morning it became apparent that our Twitter Connector was broken and there were also issues with our Facebook Connectors.

We immediately posted regarding the issue on Twitter's developer support forum and soon discovered that it had been caused by Twitter turning off support for SSL3 due to the recently discovered POODLE vulnerability in SSL3 (see here and here).

Further, it turns out that Facebook (and likely many other services) have also turned of SSLv3 support (necessarily, without being able to give much notice).

Unfortunately, there was some (unnecessary) code in QVSource which set our SSL mode to SSLv3 only (rather than the default of SSLv3 or TLS) whenever an OAuth1 request is made via the Twitter Connector.

What This Means

If you are using a version of QVSource lower than 1.5.6.0 then:

  • Twitter Connector requests will now be failing.
  • Facebook Connector (Fan Pages or Insights) will likely be failing (if QVSource has also made at least one request to the Twitter Connector before any requests to Facebook have been made. If the Facebook requests were made first then they will likely still work).
  • Other Connectors may also be failing.

We have a fix now which we will push out officially soon via a newsletter and blog post highlighting the other updates. However if you read this and need it immediately please email us.

Lastly, we apologise for the inconvenience. We were able to supply a fix to customers who noticed the issue internally within hours of being aware of the issue. We value the relationship we have with our customers, partners and trial users and welcome any feedback you have with how we have dealt with this unusual incident.

Page List