HKCert
Security Blog

HKCERT will disable SSL v3.0 from June 1, 2015 onwards

Release Date: 29 / 01 / 2015
Last Update: 30 / 01 / 2015

In order to strengthen the security of the communication between HKCERT website and end users, we will stop supporting SSL v3.0 from June 1, 2015 onwards.

 

In October 2014 a security vulnerability related to SSL v3.0 name “POODLE” was discovered. The vulnerability can be used by attacker to eavesdrop the  content encrypted under SSL v3.0. HKCERT recommends disabling SSL v3.0 on servers and switch to TLS to encrypt the connection, and to stop the backward compatibility function for TLS to support SSL v3.0. Users should use the most updated browsers and turn on TLS support. Mainstream browsers such as Chrome and Firefox have take the initiative to disable SSL v3.0 in the latest versions.

 

HKCERT website still supports SSL v3.0 until June 1, 2015.

 

Who are affected?

  • Windows XP and Internet Explorer 6 users are affected because Internet Explorer 6 does not support TLS encryption.  From June 1, 2015 onwards you will not be able to browse the HKCERT website.
  • Users whose browsers are configured to support SSL v3.0 only and not supporting TLS.

 

What can user do?

  1. If you are using a older version browser, please upgrade to the latest version:
    - Internet Explorer version 11 and above
    - Chrome version 40 and above
    - FireFox version v35 and above
     
  2. Windows XP has reached end of support. HKCERT strongly recommends upgrading Windows XP to Windows 7 or Windows 8.1 and install the latest version of Internet Explorer 11. User who cannot upgrade the Windows system, can install Google Chrome v40 or Mozilla Firefox v35 or later version of browsers.

Tips:

  1. User can update the browser settings to disable support for SSL 2.x, 3.x and TLS 1.0 and use TLS 1.1 and 1.2 only to enhance security.