0

My service submission was rejected for an SSLv3 handshake failure. The self tests run successfully on my development machine. Here is the error message from the rejection reasons:

urllib2.URLError: <urlopen error [Errno 1] _ssl.c:504: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure>

Surely SSLv3 support should no longer be required due to known vulnerabilities (Poodle): see http://aws.amazon.com/security/security-bulletins/CVE-2014-3566-advisory/

The Sonos documentation states:

  • Not use an SSL/TLS implementation exposed to any known vulnerabilities, for example, Heartbleed and CRIME.
user3885343
  • 3
  • 1
  • 1

1 Answers1

1

It looks like that is an error on the part of the Sonos validation. Sonos only supports TLS v1.0 and not SSL v2 or v3 for the vulnerability reasons that you mention.

We will fix the test we are using on our backend and make sure that this does not cause your submission to be rejected in the future. If this was the only error that was cited in the rejection please resubmit and you should be fine. If your service was rejected for other reasons please make sure that these are corrected as well before you resubmit.

Keith - Sonos Dev Advocate
  • 426
  • 2
  • 7