Disabling SSLv3 for POODLE

Padding Oracle On Downgraded Legacy Encryption (POODLE) was released with the CVE identifier of CVE-2014-3566. This vulnerability was discovered in SSL 3.0. This is different to the “HeartBleed” vulnerability which was discovered in OpenSSL. SSL protocol 3.0 has a vulnerability in which CBC-modde ciphers allow “man in the middle” attacks through the use of padding-oracle stacks. This targets the ciphers and allows the retrieval of plain-text from what should otherwise be, encrypted information.   Impacts of Disabling SSLv3 For the most part, there is no impact for people in disabling SSLv3 due to the fact that the large majority of connections rely on TLS. It is advisable to not only disable SSLv3 on server […]