POODLE Vulnerability


PC's accessing Financial or User data sensitive websites should make sure they are protected.


Background information:

SSL (Secure Sockets Layer) creates an encrypted connection between your web server and your visitors' web browser allowing for private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.


TLS - Transport Layer Security - is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Older websites used SSL for data security in the past, this type of security is be phased out and the new TLS security is being used.

TLS 1.0, TLS 1.1, TLS 1.2, and all cipher suites that do use CBC mode are not affected.

Please make sure your browser is not using SSL security and you are using TLS 1.0 or higher. To check to see if you are at risk go to https://www.poodletest.com .


Instructions

Internet Explorer

1 Click the "Tools" button or menu at the top of the screen, then click "Internet Options."

2 Click the "Advanced" tab. Scroll down to the "Security" section and remove the checks from next to "Use SSL 2.0," and "Use SSL 3.0". Make sure USE TLS 1.0, 1.1 and 1.2 are checked.

3. Click OK


Mozilla Firefox (older versions)

1. Click the "Tools" menu at the top of the screen, then click "Options."

2. Click the "Advanced" button, then click the "Encryption" tab below it.

3. Remove the checks from next to "Use SSL 3.0"

4. Click "OK."


Google Chrome

1. Click the wrench-shaped icon at the top of the screen, then click "Options."

2. Click the "Under the Hood" tab, then scroll down to the "Security" section.

3. Remove the check from next to "Use SSL 2.0."

4. Click "Close."