Summary: Effective January 25, 2015, RGFCU Home Banking will block members attempting to access the site from insecure browsers utilizing SSL 3.0. Some members may receive a message that they cannot access the site using their current browser. To address, members must upgrade to a more current browser.
Details: On October 14, 2014, Google reported a vulnerability in Secure Socket Layer (SSL) version 3.0. The vulnerability is known as Padding Oracle on Downgraded Legacy Encryption (Poodle). A network attacker could exploit the vulnerability to calculate the plaintext of secure connections and perpetrate a "man-in-the-middle" (MITM) attack by decrypting the session cookie that identifies a user to a service such as Google, and then take over the user's account without a password. For additional information on the Poodle vulnerability, you may visit:
The Google Online Security Blog post on the Poodle vulnerability
The Google Security Advisory on the Poodle vulnerability, published on the OpenSSL site
Members using a browser with SSL 3.0 only may be at risk to this vulnerability. To address, you should upgrade to a more current browser version that does not require the insecure SSL 3.0 protocol.
We will be taking additional steps to prevent access to our site from browsers using the insecure protocol. We are actively working to disable SSL 3.0 as an access option, and limit access to browsers utilizing a more secure protocol (Transport Layer Security).
When SSL 3.0 is disabled, members attempting to access Home Banking with browsers utilizing the insecure protocol will be denied, as the browser will not be able to access the Home Banking site. To access Home Banking, you will need to utilize a more current browser version that does not require the SSL 3.0 protocol.
As a reminder, Home Banking supports current versions of popular browsers such as Internet Explorer, Chrome, Firefox, and Safari. Current versions will not be denied access to Home Banking with this change, provided you have not explicitly chosen SSL 3.0 in your browser security settings. If you have chosen this setting, you will need to deselect it to access Home Banking.
The vast majority of Home Banking users (estimate 98%) should not experience any issue with this change. For those that do have an issue you should utilize a more current browser for stronger security of your online experience.
Home Banking will disable SSL 3.0 and deny access of any browser using this protocol on January 25, 2015.
As a reminder, you can also access Home Banking from your Google Android device or your Apple iPhone by downloading our free app from the Google Play Store or the Apple App Store. Just search for RGFCU.