TourCMS community

For users of the TourCMS tour operator ecommerce platform

As we have received a few queries through to the helpdesk on this, prompted by emails from payment gateways I thought I would post a quick update here on the forums.

What is POODLE?

A vulnerability was disclosed recently in in an old version of SSL (v3), the encryption technology used to create secure connections between websites. The bug has been named POODLE (short for "Padding Oracle On Downloaded Legacy") and could allow the plaintext of secure connections to be calculated by a network attacker.

In short it means "secure" connections that are using the old version of SSL may not be secure.

Steps TourCMS are taking:

  • TourCMS servers do not support the old version of SSL (SSL v2 and v3 are disabled)
  • TourCMS are working with our various integrated payment gateway integrations to ensure continued service.

Steps you can take:

  • Visit this page in your browser: https://www.poodletest.com/ if you see a Poodle, you may want to download a more modern web browser.
  • If you use the TourCMS booking engine, SSLv3 has already been disabled, no further action is necessary
  • If you have your own custom booking engine and SSL certificate you _may_ consider disabling SSLv3, or disabling SSL version fallback  https://www.poodlescan.com/ speak to your web designer or hosting company for more information.

http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bite...

Views: 92

Reply to This

© 2017   Created by TourCMS team.   Powered by

Badges  |  Report an Issue  |  Terms of Service