Mandatory Software Update
An update that resolves the SSL/TLS error when attempting to use ShipWorks is available on our download page. This error is affecting all users and is a mandatory update. If you need assistance updating your software, please watch this tutorial video.
Why is the update necessary? A team at Google discovered a vulnerability in SSL version 3.0 that can allow an attacker to extract secret confidential information from inside of an encrypted transaction, like cookies. This vulnerability became known as POODLE, for “Padding Oracle On Downgraded Legacy Encryption.” Any connection that supports SSL v3 is vulnerable to POODLE.
Because ShipWorks has never issued a mandatory software update, some ShipWorks customers were using legacy versions of ShipWorks that had the ability to use SSL v3.0. We decided to issue a mandatory update for all ShipWorks’ customers, not only those using legacy versions, as an added security precaution.
It’s very important to know that ShipWorks customers’ data has never been compromised during this process. This is the first time in the history of the company that we have issued a mandatory update.
We are very sorry for those that experienced delays shipping while completing the update, and we thank you for your patience during the process.
Thank you for being a ShipWorks customer.
The ShipWorks Team