SSL is one of the crytpgraphic protocols designed to provide secure communication over the internet. You might have seen it when you access your bank account or anything the requires you to login. Commonly seen when you visit a website and the url start with Https:// The “S” stands for security. With Https:// the information is encrypted when it travels through the internet.
Due to a vulnerability of SSL version 3.0, an attack called “POODEL” allows hackers to convert encrypted information to plain text which expose your information. SSL v3 is over 17 years old and the implementation is widespread. Some company (at least that one that SNC services) has configured the Web server to force the encryption to TLS, which is another cryptographic protocol. Unfortunately most web server still supports SSL.
POODLE can be easily fixed. The solution is to disable SSL on your browser forcing it to use TLS. To check if your browser support SSL, go to https://www.ssllabs.com/ssltest/viewMyClient.html
To disable SSL:
- Chrome: add a command line flag: “–ssl-version-min=tls1”
- Firefox: On the about:config page. Set the value of security.tls.version.min to 1
- Internet Explorer: On the Internet Options, click the Advanced tab and unchecked all SSL.
- Opera: For version 12.17 and older, press ctrl+f12 and click on advance. Click on security, then security protocol. Uncheck enable SSL
- Max OS X: Open AppleScript Editor (in /Applications/Utilities/). Type (do shell script “open ‘/Applications/Google Chrome.app’ –args –ssl-version-min=tls1”)
- Safari: Apply security update 2014-005
- Email: For desktop application, set your SMTP protocol to port 587 (TLS). SSL is port 465
If you need assistance, contact Sarceno Network Consulting and we can provide remote assistance.
