Google recently announced a new vulnerability called POODLE. It targets connections that use SSLv3, an older encryption protocol in the SSL/TLS family. Most modern browsers default to newer versions of TLS, e.g., TLSv1.2, instead of SSL.
OneLogin defaults to establishing connections with browsers and API clients using TLS encryption, but there is a possible attack vector whereby an attacker could cause browsers to downgrade to SSLv3, rendering them vulnerable.
In response, on Tuesday evening, October 14, 2014, OneLogin disabled SSLv3 across our network by default for all customers, effective immediately. This will have no impact on our supported browser configurations (listed here), but a minority of our users may still use older browsers, such as Internet Explorer 6 running on Windows XP or older. Our data shows that this represents ~0.01% of our user base. If you are affected by this change, you will need to configure your browsers to support TLSv1, or upgrade your browser(s).
OneLogin continues to track this vulnerability. As news breaks, we will update our related post.