banner

Fixing Lightroom Problems Caused by the POODLE Security Vulnerability

Fixing Lightroom Problems Caused by the POODLE Security Vulnerability
No Poodles Here (beauty is certainly in the eye of the beholder) At a gallery in Carmel California, in 2000 -- Carmel, California, United States -- Copyright 2000 Jeffrey Friedl, http://regex.info/blog/

Canon PowerShot S20 @ 6mm — 1/20 sec, f/2.9, ISO 62 — map & image datanearby photos

No Poodles Here

(wow, beauty is certainly in the eye of the beholder)

At a gallery in Carmel California, in 2000

A security weakness dubbed POODLE has recently been discovered in how internet-connected applications make secure connections, and this is having an increasingly-detrimental impact on Lightroom. Thankfully, it's easy enough to fix for most folks, and this post tells you how.


POODLE manifests itself in that certain kinds of secure connections are no longer quite as secure as they're supposed to be, so until you fix this for your Internet-connected applications, your data may be at risk. But the secondary problem is that, until fixed on your system, your Internet-connected applications like Lightroom may experience seemingly random network errors as more and more remote sites, in an effort to protect their users' data, completely disable support for the insecure protocol.


(A tertiary problem is that folks running into these networking problems while using my Lightroom plugins blame the plugin and inundate me with bug reports.)


How to fix for Mac OS X:


Install Apple's latest security update (which you should be doing anyway). That's it. You're done.


How to fix for Windows:


If you use any of my Lightroom plugins, the easiest way to fix it is to upgrade to the latest version of the plugin. As of versions that I released yesterday, all my plugins do a one-time check to see whether you're vulnerable, and if so, pop up a dialog that offers to fix it for you:



Just click on the [fix now] button and the plugin will fix the problem (disable SSL support in Internet Options, and enable TLS support.).


If you don't use any of my plugins, or if you didn't fix it the one time the dialog (perhaps unexpectedly) popped up, you can use my free my System Information plugin to check/fix your system any time:



The [how to fix] button brings you to the same dialog shown earlier, offering to fix it immediately for you.


In either case, the plugin fixes applications like Internet Explorer and Lightroom that use the base Windows connection library. Some third-party browsers do their own networking, so must be fixed separately. If you have custom browsers on Windows, see this page. (That page also explains how to do the base fix the plugins do, in case you don't want to have the plugins do it for you.)