SSL 3.0 – Security Changes Effective November 15, 2014

Home/Site Security/SSL 3.0 – Security Changes Effective November 15, 2014

SSL 3.0 – Security Changes Effective November 15, 2014

Security Changes Effective November 15, 2014

Generally the updates we have made will not affect your use of our eCommerce site unless you are using Internet Explorer 6 (IE6) and/or Windows XP unless you have manually changed your security settings. Please read below if any of these apply or you have difficulty using the site.

On November 15th, we will no longer support SSL 3.0. This will prevent Internet Explorer 6 (IE6) users from accessing Glennie’s Office Products, Inc. eCommerce site ECinteractivePLUS until they change their IE security settings. Other IE users using Windows XP could experience issues accessing the site if their default settings were manually changed.

If you use IE6, follow these steps before November 15 to change your security settings:

1. Open Internet Explorer.
2. Click the Tools menu and select Internet Options.
3. Click the Advanced tab.
4. Scroll to the Security section near the bottom of the list.
5. Uncheck SSL 3.0 and check TLS 1.0.
6. Click Apply and then OK.

If you use another version of IE and cannot access the site after November 14, your security settings may have been manually changed. Follow the above steps to disable SSL 3.0.

Why are we making this change?

We are making this proactive change due to a vulnerability that was recently found in the design of the SSL 3.0 protocol. This vulnerability is not specific to ECi or this site, so you can increase your overall internet security by disabling SSL 3.0 in all browsers or updating your browsers to their current version. For more information about this vulnerability, please review this US-CERT article.

Will Microsoft disable SSL 3.0 as a default setting?

Per Microsoft, there are plans to remove SSL 3.0 as a default in the coming months. We do not know if XP will be updated since Microsoft ended XP support in April 2014. For more information, please visit Microsoft’s Security TechCenter.