How does the Poodle SSLv3 Vulnerability affect my online store or shopping cart and what should I do.
On 10/14/2014, Google released details about a major vulnerability in the SSLv3 protocol. Information sent between web browsers and web servers over https that use the SSL protocol can be intercepted and decrypted, effective immediately it is no longer suitable to secure web pages.
The SSL protocol SSLv3 has been around for a very long time, but was replaced by a newer protocol called TLS. But sometimes web pages are still loaded over the old protocol, so immediate action is required!
TLS is widely supported and how most of the web pages you visit are secured today. However, with this new discovery, it is imperative that you disable SSLv3 in your web browser as well as on your web server (if you have a website). Disabling SSLv3 will ensure that https communications are always sent over TLS, rather than SSL.
If you use Internet Explorer, you can easily disable SSL by doing the following: While in IE, click on Internet Options and click the Advanced tab. Next, scroll down a bit and you will see an option called SSL 3.0, uncheck that (and uncheck SSL 2.0 if that is checked). Next, click OK to save, and lastly close then restart IE. For all other browsers it is much more complex, see the link below to disable SSLv3.
If your run a website, online store, or have a shopping cart that requires secure pages, you will need to contact your systems administrator or web host, or whoever runs your web server, and they will need to disable SSLv3 on the server.
PDSHOP USERS: We recommend upgrading if you are using an older version of PDshop, to ensure no connection issues once SSL 3.0 is disabled by the various vendors and APIs that PDshop interacts with.
SERVER ADMINISTATORS: If you are a system admin, web master, or web server admin, you must disable the SSL protocol on all of your servers. This is NOT done the same way as noted above. CONTACT US for assistance with turning off this protocol. Use Contact Us link above.
The SSL protocol SSLv3 has been around for a very long time, but was replaced by a newer protocol called TLS. But sometimes web pages are still loaded over the old protocol, so immediate action is required!
TLS is widely supported and how most of the web pages you visit are secured today. However, with this new discovery, it is imperative that you disable SSLv3 in your web browser as well as on your web server (if you have a website). Disabling SSLv3 will ensure that https communications are always sent over TLS, rather than SSL.
If you use Internet Explorer, you can easily disable SSL by doing the following: While in IE, click on Internet Options and click the Advanced tab. Next, scroll down a bit and you will see an option called SSL 3.0, uncheck that (and uncheck SSL 2.0 if that is checked). Next, click OK to save, and lastly close then restart IE. For all other browsers it is much more complex, see the link below to disable SSLv3.
If your run a website, online store, or have a shopping cart that requires secure pages, you will need to contact your systems administrator or web host, or whoever runs your web server, and they will need to disable SSLv3 on the server.
PDSHOP USERS: We recommend upgrading if you are using an older version of PDshop, to ensure no connection issues once SSL 3.0 is disabled by the various vendors and APIs that PDshop interacts with.
SERVER ADMINISTATORS: If you are a system admin, web master, or web server admin, you must disable the SSL protocol on all of your servers. This is NOT done the same way as noted above. CONTACT US for assistance with turning off this protocol. Use Contact Us link above.
Related Articles
Other Resources
Related Topics
Search for help...