SSL v3 (POODLE) Vulnerability

February 21, 2015, Written by 0 comment

Google researchers announced the discovery of a vulnerability that affects servers with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption).
The POODLE vulnerability does not affect your SSL Certificates and you do NOT need to reissue/reinstall your SSL Certificates.
DigiCert and other security experts recommend disabling SSL 3.0 or CBC-mode ciphers with SSL 3.0 to protect against this vulnerability.

You can use SSL Installation Diagnostics Tool from DigiCert to check if SSL 3.0 is enabled on your servers.
For servers that have SSL 3.0 enabled, Security experts are recommending that you disable SSL 3.0 for the time being and use TLS 1.1 or 1.2 instead. Most modern browsers will support TLS 1.1 and 1.2.

If you use a hosting provider, we recommend that you call them and request that they disable SSL 3.0 on your server.
Servers that do not have SSLv3 enabled are unaffected.


Leave a reply