Recommended Agency

text controls: text only | A A A

Sorry, our twitter status is currently unavailable, posted 12 minutes ago

RSS feed icon What is RSS?

blog.

SSLv3 problems mean IE6 users won't be able to use our secure websites

Warning: IE6 users will be unable to access secure (https) websites

Due to a security problem found in SSLv3, dubbed “POODLE” (see http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html for technical information), we’ve disabled SSLv3 on all our secure (https) websites.

In brief, the security flaw may allow (in certain circumstances) hackers to gain access to login accounts on secure sites, and “impersonate” those users.

The main effect this change will have is that if you have a secure website, users of Internet Explorer 6 on Windows XP will no longer be able to access the secure section of your site by default.

However, our statistics show that IE6 usage on our sites is now very, very low - around 0.2% or less; and as Microsoft ceased support for IE6 on XP in April 2014 we think the decision is justifiable. Major sites such as Twitter have been making the same change.

If your users are unable to upgrade their IE6 to a newer browser, it is possible to enable TLS 1.0 (the successor to SSLv3) by going into Internet Options, choosing the Advanced tab, and ticking the “Use TLS 1.0” box. After this change, the secure sites will then work for them again.

If you have any questions about aspect of this change, please do get in touch with us.

Neil Smith
Neil

Created on Friday October 17 2014 12:53 PM


Tags:


Comments [0]








Comments


Add a comment