SSL and TLS are protocols that are used to ensure data security when sensitive data such as emails/payment info are sent across networks. However at present, SSL 3.0 has become completely insecure and obsolete. We wish to bring to your notice that due to this technical vulnerability with the SSL 3.0 protocol, Zoho Recruit will stop extending support for it from December 8, 2014. Therefore, all implementations of SSL 3.0 will have to be replaced.
As a Zoho Recruit user, this issue in two cases may affected you - if you are a user of Recruit API and/or Zoho Recruit Plugin for MS Outlook.
In either case, we strongly recommend that you take the following measures to overcome this issue.
API users
Recruit API is used to integrate third-party software with your Recruit account. Click here to view the API section.
I f you have used this space to generate an authentication token , you are an API user and this post is applicable for you. Please switch to any of the following protocols right away so that you can continue to access Zoho Recruit without hassles.
TLS 1.0
TLS 1.1
TLS 1.2
If your API calls have used SSL 3.0, then the following snippets needs to be replaced:
.NET
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
.JAVA
SSLContext sslContext=SSLContext.getInstance("TLS");
PHP CURL
curl_setopt($curl, CURLOPT_SSLVERSION,1);
Users of Zoho Recruit Plug-in for MS Outlook
Zoho Recruit Plugin for MS Outlook is used to sync your Outlook contacts, calendar and emails with your Zoho Recruit account. Click Settings > Microsoft Outlook plug-in
I f you are using the plugin (any version) , this post is applicable for you.
In your MS Outlook account, click Zoho Recruit > About
If the version says 2.3 or above, you do not have to re-install the plugin. If the version is anything lower than 2.3, you will have to re-install the plugin. The latest versions of Microsoft Outlook have already replaced SSL 3.0 with its TLS successors.
Following are the links to re-install the plug-in for different versions of MS Outlook.
Microsoft Outlook 32-bit version:
https :// www .zoho.com/recruit/plugin/ ZohoRecruit -for- MicrosoftOutlook -v2_32b. exe
Microsoft Outlook 64-bit version:
https :// www .zoho.com/recruit/plugin/ ZohoRecruit -for- MicrosoftOutlook -v2_64b. exe
Besides these, Zoho Recruit will no longer extend support to any browsers using SSL 3.0 protocol. In such a case, you will be prompted to update your browser to the appropriate latest versions.
If you fail to make these changes before December 8, 2014, your API calls and Zoho Recruit plug-in for MS Outlook will not work.
To know more about what's called the POODLE attack, check out the links below:
https://www.imperialviolet.org/2014/10/14/poodle.html
http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html
Adopt these measures immediately so that you are not affected by this attack.
Please write back to us for clarifications.
Regards,
Gayatri Nair
Writer is a powerful online word processor, designed for collaborative work.