|19 Feb 2016
||IBrowse 2.4, AmiSSL 3.6/3.7 and the POODLE attack
I'm sure you are all well aware that many secure websites are normally not reachable with IBrowse 2.4 any longer, due to servers shutting off SSLv2 and SSLv3 connections due to the POODLE attack. However, there is a solution... This is delayed advice, as I have only just realised it was possible: contrary to the previous news item, you should enable both "SSLv2 support" and "SSLv3 support" on the "Security" page of the IBrowse preferences. You must then also enter the following command in a shell:
setenv save AmiSSL/SSL_CLIENT_VERSION tls1This will force any most applications that use AmiSSL, including IBrowse, to disable both SSLv2 and SSLv3, and use more secure TLSv1 connections instead.This issue will be properly addressed in IBrowse 2.5 and a new version of AmiSSL.