How to make sure POODLE doesn’t affect your applications


Use TLS 1.0 to make sure POODLE doesn’t affect your application.

The recent discovery of a serious flaw in SSL 3.0 referred to as POODLE has caused important security concerns.

Use TLS 1.0 to make sure POODLE doesn’t affect you

By default the 4D Payments SDK components will negotiate the highest mutually supported TLS version when establishing an SSL session. In almost all cases this is TLS 1.0. Unless the server you are connecting to only supports SSL 3.0 the component will not negotiate SSL 3.0.

To remove all possibility of using SSL 3.0 you can explicitly disable SSL 3.0 support in the component and allow only TLS 1.0 by setting the SSLEnabledProtocols setting:

component.Config("SSLEnabledProtocols=192"); //TLS 1.0 only

If the server you are connecting to supports TLS 1.0, or has already disabled SSL 3.0, then you should not need to make any changes. However you can use the approach above to rule out any possibility of using SSL 3.0

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@4dpayments.com.