Print

After SSL version 3 comes TLS protocol

Written by Roland on . Posted in News

HTTPS-Logo

According to Technical specifications for users of version 1.2 document (chapter 3.2 Safety requirements) in fiscalization system is protection at the transport layer which is provided using SSL version 3 encryption protocol.

At the end of 2014, Google’s security team announced that SSL version 3 encryption is broken (by taking advantage of vulnerability known as POODLE) and that it should not be used anymore. For that vulnerability is created a patch, but it does not resolving the problem completely because the patch works only if it is applied to both side of the connection.

In accordance with the above, fiscalization system supports security protocol TLS (version 1.1 and version 1.2) in the test and production environments and there is no setback to its use. That is the reason for recommendation that software manufacturers have to start using TLS protocol. During 2016 it is expected a completely disable communication through SSL version 3.

Source:  http://www.porezna-uprava.hr