Disabling support for SSLv3 and RC4 for Gmail SMTP in 30 days

Last September, we announced plans to no longer support two very old security systems called SSLv3 and RC4. As mentioned in Adam Langley’s announcement, these systems are no longer secure and pose a risk to those still using them:

SSLv3 has been obsolete for over 16 years and is so full of known problems that the Internet Engineering Task Force (IETF) has decided that it must no longer be used. RC4 is a 28-year-old cipher that has done remarkably well, but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used.

Because of these issues, after June 16, 2016, we will disable both SSLv3 and RC4 support at Google’s SMTP servers and on Gmail’s web servers.

If you are still using SSLv3 or RC4:
  • Most organizations on Google Apps have already stopped using SSLv3 and RC4; however, if you are still on these older systems, we recommend reviewing the suggested actions in the Security Blog announcement and updating to modern TLS configurations.
  • Some common systems that may still be using SSLv3: inbound/outbound gateways, third-party emailers, and systems using SMTP relay.
After this change, servers sending messages via SSLv3 and RC4 will no longer be able to exchange mail with Google’s SMTP servers, and some users using older and insecure mail clients won't be able to send mail.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Admins only

Admin action required for domains using SSLv3 and RC4 for Gmail SMTP

More Information
Disabling SSLv3 and RC4

Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates