SSL and Network Security Update

Effective November 14, 2014, CellarTracker will no longer support SSLv3 or SHA-1 certificates.

CellarTracker strongly believes in the protection of your personal information, and since 2011, all registered users have been browsing the site securely via HTTPS (more information on this is available in our Password Security help topic). Recently, a number of vulnerabilities have been exposed in older technologies used to secure HTTPS communication (see: POODLE attack on SSLv3, Sunsetting SHA-1). As a result of these recent disclosures and updated best practices, effective November 14, 2014, CellarTracker will no longer support SSLv3 or SHA-1 certificates. (Note: we have no reason to believe CellarTracker has been a target of any attacks, or that any information has been compromised as a result of these disclosures. We are purely doing this as a preemptive measure.)

For the vast majority of our users (over 99%, based on our latest data), this should be a completely transparent change. However, for a small handful of users, an OS or Browser upgrade may be required in order to browse the site as a logged in user -- note that browsing without logging in will NOT be affected.

Minimum System Requirements

In order to access CellarTracker as a logged in user, your system must be able to support TLS and SHA256 [1]. The following operating systems are all supported:

  • Windows Vista, 7, 8, 8.1+
  • Windows XP SP3+ (you MUST have SP3 installed; prior versions will not work)
  • Mac OS X 10.5+
  • Apple iOS 3+
  • Android 2.3+
  • Windows Phone 7+

[1] SHA256 compatibility

How can I protect myself?

Detailed instructions to disable SSLv3 in your browser are available here. For Windows users, Microsoft has provided knowledge base article KB3009008 with an automated "Fix-it" tool to simplify the process.

Troubleshooting and FAQ

Q: Why can't I log in to CellarTracker?
A: If you're getting an error loading the log-in page, most likely you only have the older, insecure SSLv3 protocol enabled on your device. For Windows/Internet Explorer users: Follow the instructions to disable SSLv3, and also ensure that TLS 1.0, TLS 1.1, and TLS 1.2 are all checked on the same dialog. For all other OSes and Browsers, ensure you meet the minimum requirements above, and are using the latest available version of your browser. Still can't login? Please Contact Us for additional support.

Q: How do I make sure I'm safe from POODLE?
A: You can visit this site to determine whether your browser has SSLv3 enabled, and also find instructions on how to disable it.