How to make sure POODLE doesn't affect your applications

Use TLS 1.0 to make sure POODLE doesn't affect your application.

Date Entered: 10/24/2014    Last Updated: 10/24/2014

The recent discovery of a serious flaw in SSL 3.0 referred to as POODLE has caused important security concerns.

Use TLS 1.0 to make sure POODLE doesn't affect you

By default the /n software components will negotiate the highest mutually supported TLS version when establishing an SSL session. In almost all cases this is TLS 1.0. Unless the server you are connecting to only supports SSL 3.0 the component will not negotiate SSL 3.0.

To remove all possibility of using SSL 3.0 you can explicitly disable SSL 3.0 support in the component and allow only TLS 1.0 by setting the SSLEnabledProtocols setting:

component.Config("SSLEnabledProtocols=192"); //TLS 1.0 only

If the server you are connecting to supports TLS 1.0, or has already disabled SSL 3.0, then you should not need to make any changes. However you can use the approach above to rule out any possibility of using SSL 3.0


We appreciate your feedback.  If you have any questions, comments, or suggestions about this entry please contact our support team at kb@nsoftware.com.