PINES and the POODLE SSL Vulnerability


You may see articles being passed around the web this week on the POODLE vulnerability.  PINES employs SSL (Secure Sockets Layer) to encrypt private information and protect our end users from threats on the web.  When we receive information via security mailing lists and other reliable sources regarding vulnerabilities, we act quickly to make sure our system is protected.  In this case, the solution is to disable an older form of encryption called "SSLv3", which we have already done on the PINES servers.  Making this change will not affect the vast majority of PINES users at all, but if there are patrons still using Internet Explorer 6 or other older browsers, they will not be able to connect to to manage their accounts. While the best solution to this problem is for these users to upgrade to a newer web browser, patrons using IE 6 may use the following workaround:

  1. In the top menu, go to Tools -> Internet Options.
  2. Click the Advanced tab.
  3. Scroll down to the Security section and click "Use TLS 1.0"

IE 6 users will then be able to access their accounts.