June 24, 2016
Effective June 16, 2016, Google has disabled support for two security systems called SSLv3 and RC4 support at Google's SMTP servers, IMAP/POP clients, and on Gmail's web servers for the following reasons:
- SSLv3 has been obsolete for over 16 years and the Internet Engineering Task Force (IETF) has decided it must no longer be used
- RC4 is a 28-year old cipher that is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also must no longer be used
If you are still using SSLv3 or RC4:
- Google recommends reviewing the suggested actions in the Security Blog announcement and updating to modern TLS configurations
- Some common systems that may still be using SSLv3: inbound/outbound gateways, third-party emailers, and systems using SMTP relay