By now most people will have heard of the POODLE SSL vulnerability, a flaw in the SSL 3.0 protocol that affects FTPS and HTTPS. We’ve recently blogged about POODLE in some detail.

We’ve spent the last couple of weeks updating our products to deal with POODLE, and can today say that the latest versions of all our products now disable SSLv3 by default – the simplest way to prevent POODLE from being exploited. SSLv3 was superseded 15 years ago, and it is now reasonable to expect support for TLS 1.0 or higher. Products modified include CompleteFTP, edtFTPnet/PRO and edtFTPj/PRO.

POODLE highlights the importance of keeping security software in your organization up-to-date. Many companies use secure FTP (FTP over SSL/TLS) to transfer highly confidential documents between different business locations, and users of any of the products above should be upgrading as soon as possible. The cost of maintaining a support agreement is minuscule compared to the potential loss from malicious hacking.
The POODLE SSL vulnerability resolved
About the Author: Bruce Blackshaw
Bruce has been writing software professionally for almost 25 years, and has worked in a number of industries, including commercial software development and investment banking. He has wide experience in encryption, security, and network protocols such as SSL/TLS, SSH, SFTP and FTPS. Bruce currently works on developing CompleteFTP.