How to make sure POODLE doesn’t affect your applications
Use TLS 1.0 to make sure POODLE doesn’t affect your application.
The recent discovery of a serious flaw in SSL 3.0 referred to as POODLE has caused important security concerns.
Use TLS 1.0 to make sure POODLE doesn’t affect you
By default the 4D Payments SDK components will negotiate the highest mutually supported TLS version when establishing an SSL session. In almost all cases this is TLS 1.0. Unless the server you are connecting to only supports SSL 3.0 the component will not negotiate SSL 3.0.
To remove all possibility of using SSL 3.0 you can explicitly disable SSL 3.0 support in the component and allow only TLS 1.0 by setting the SSLEnabledProtocols setting:
component.Config("SSLEnabledProtocols=192"); //TLS 1.0 only
If the server you are connecting to supports TLS 1.0, or has already disabled SSL 3.0, then you should not need to make any changes. However you can use the approach above to rule out any possibility of using SSL 3.0
We appreciate your feedback. If you have any questions, comments, or suggestions about this entry please contact our support team at email@example.com.