POODLE SSL Vulnerability Countermeasure & IE9 Compatibility

We encrypt our web traffic to keep your data and account information secure.

Up until last week, we were using a combination of SSL and TLS to facilitate secured network communication between client browsers and our servers.

We've since shut off SSL 3.0 as a recommended countermeasure against the POODLE threat, announced last week. We knew all our supported browsers could handle the more secure TLS protocols (1.0, 1.1, & 1.2) that we now exclusively operate on, but there is some additional configuration that Internet Explorer 9 (IE9) requires.

 

IE9 users need to enable TLS support in order to use Inteliguide & Patrolguide.

While IE9 supports TLS, it doesn't come enabled outta the box. Here's a quick guide on how to turn on support for TLS:

http://grok.lsu.edu/Article.aspx?articleId=15565 (scroll down through the Advanced Settings until you reach the TLS 1.0-1.2 check boxes)

Alternatively, we recommend IE9 users upgrade to the newest version of Internet Explorer compatible with their version of Windows.

 

Additional Recommendations:

We recommend turning SSL 3.0 off entirely. Most modern browsers don't have it enabled by default, which is more secure because the POODLE threat affects both client and server communications, but IE9 may still have it enabled. Unchecking this is the best and most secure practice.

 

More reading:

POODLE Vulnerability Advisory (with link to the original Google announcement): http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

TLS & SSL spec: http://en.wikipedia.org/wiki/Transport_Layer_Security

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk